ElfFile}TElfChnkdzddzdcѓU7(G=f?mMFG&**Xd E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!ZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hdL E'b&  8P!LZA_A_ ddMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdN E'b&  8P!NZA_A_ ddMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**hd2 E'b&  8P!2ZA_ A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**hdy E'b&  8P!yZA_ A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Rh**hd E'b&  8P!ZA_alA_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r =h**hd  E'b&  8P! ZA_alA_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &resh**hd$ E'b&  8P!$ZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & }h**hd. E'b&  8P!.ZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**h d E'b&  8P!ZA_mA_| T dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s Wh**h!du) E'b&  8P!u)ZA_mA_| T!dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s }h**h"d'Q E'b&  8P!'QZA_A_$ "dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Comh**h#d< E'b&  8P!<ZA_A_$ #dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ft.h**h$d[ E'b&  8P![ZA_0mA_x$dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h%d E'b&  8P!ZA_0mA_x%dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h&dha* E'b&  8P!ha*ZA_A_ &dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h'dp5 E'b&  8P!p5ZA_A_ 'dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h(dD E'b&  8P!DZA_CmA_l(dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h)dqP E'b&  8P!qPZA_CmA_l)dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h*d+ ` E'b&  8P!+ `ZA_'A_ 4 *dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h+d l E'b&  8P! lZA_'A_ 4 +dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h,dPa} E'b&  8P!Pa}ZA_HmA_,dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h-d E'b&  8P!ZA_HmA_-dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h.d2 E'b&  8P!2ZA_EA_ .dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h/d E'b&  8P!ZA_EA_ /dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a38h**h0dK E'b&  8P!KZA_FA_, \0dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h1d E'b&  8P!ZA_FA_, \1dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h2d E'b&  8P!ZA_MA_ T 2dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &dexh**h3d E'b&  8P!ZA_MA_ T 3dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &daph**h4du! E'b&  8P!u!ZA_mmA_X 84dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t $h**h5d2 E'b&  8P!2ZA_mmA_X 85dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &.IPh**h6d!5 E'b&  8P!!5ZA_mA_ 6dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$_.h**h7d> E'b&  8P!>ZA_mA_ 7dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**h8d)V E'b&  8P!)VZA__A_ph8dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ipth**h9dhc E'b&  8P!hcZA__A_ph9dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**h:d~ E'b&  8P!~ZA_mA_l, :dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**h;dn͊ E'b&  8P!n͊ZA_mA_l, ;dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hdzr E'b&  8P!zrZA_mA_4 L>dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**h?dֆr E'b&  8P!ֆrZA_mA_4 L?dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**h@du擑 E'b&  8P!u擑ZA_cnA_ ( @dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hAd: E'b&  8P!:ZA_cnA_ ( AdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hBd~  E'b&  8P!~ ZA_A_8 BdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hCdQ E'b&  8P!QZA_A_8 CdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**@Dd@t E'b&  8P!j@tZA_A_8 DdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Gp;)(A?GoData= ContextInfo A'G=UserData A%G=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3ec017ad-5b43-43b4-90d1-7840abe281de Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 179febae-6bea-4e76-9519-614ac86a5960 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. W@**hEd E'b&  8P!ZA_A_EdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hFd E'b&  8P!ZA_A_FdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hGdލ  E'b&  8P!ލ ZA_A_ GdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hHd E'b&  8P!ZA_A_ HdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hIdUK% E'b&  8P!UK%ZA_@pA_( @IdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hJdQ.W% E'b&  8P!Q.W%ZA_@pA_( @JdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hKd4 E'b&  8P!4ZA_fpA_ KdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &st h**hLd`4 E'b&  8P!`4ZA_fpA_ LdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $mh**hMd1D> E'b&  8P!1D>ZA_pA_`| MdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &trih**hNd ,R> E'b&  8P! ,R>ZA_pA_`| NdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &fach**OdMc> E'b&  8P]!jMc>ZA_A_`OdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational G@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ec27e148-af07-4240-a94e-0c61c6d45be8 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-ulga3lby.b5w.ps1 Engine Version = 4.0 Runspace ID = 3f55cfc9-fa5f-48bd-ab07-3f6a856ef24d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. = $c**hPdV o> E'b&  8P!V o>ZA_pA_lPdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &D =h**hQdz> E'b&  8P!z>ZA_pA_lQdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ll h**xRd> E'b&  8P!!j>ZA_aqA_RdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational G@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5f6e3356-5a28-4be8-80dd-f5c8968a605d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 694ad1e3-44b7-4ce2-b193-b6f77cedc6be Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. cex**hSddR? E'b&  8P!dR?ZA_A_ SdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Wmih**hTd%>? E'b&  8P!%>?ZA_A_ TdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**hUdC#^A E'b&  8P!C#^AZA_A_,UdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &D =h**hVdLjA E'b&  8P!LjAZA_A_,VdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ll h**hWdA E'b&  8P!AZA_A_ WdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hXd.A E'b&  8P!.AZA_A_ XdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**xYdA E'b&  8P!!jAZA_erA_YdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational G@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5e0dc06a-cde0-4946-8b53-5bf416113bc5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1ff37638-6492-4f93-bd69-78fb90d0b39b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hZdL E'b&  8P!LZA_KA_HZdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h[d7L E'b&  8P!7LZA_KA_H[dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h\dhX E'b&  8P!hXZA_QA_L d\dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Comh**h]d8TX E'b&  8P!8TXZA_QA_L d]dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &0' h**h^dGX E'b&  8P!GXZA_UA_ ^dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h_dSX E'b&  8P!SXZA_UA_ _dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$adh**x`dfFX E'b&  8P!!jfFXZA_A_ `dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational G@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 26372a70-855e-4b72-95d5-27bbc533202c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8eb66d4b-8115-4af9-a646-08a7d0e18e93 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hadWX E'b&  8P!WXZA_A_ adMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hbdXCX E'b&  8P!XCXZA_A_ bdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hcd9] E'b&  8P!9]ZA_ A_$ DcdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hddM] E'b&  8P!M]ZA_ A_$ DddMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hed] E'b&  8P!]ZA_gsA_ xedMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hfdf3] E'b&  8P!f3]ZA_gsA_ xfdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xgdK^ E'b&  8P!!jK^ZA_Y A_ P gdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational G@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c1a084a4-ad43-44c5-9738-90d09ef0164d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cd709361-cd50-4254-8d5c-749c436df4b9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hhdm^ E'b&  8P!m^ZA_Z A_ hdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hidx|y^ E'b&  8P!x|y^ZA_Z A_ idMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &p!h**hjd^ E'b&  8P!^ZA_EtA_` jdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &!h**hkd^ E'b&  8P!^ZA_EtA_` kdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xld^_ E'b&  8P!!j^_ZA_tA_`dldMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational G@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0118189e-e461-4205-b637-66f33f363e6d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 13337284-8faa-416b-bd89-0832d9db26a2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hmd7_ E'b&  8P!7_ZA_tA_0mdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hnd&_ E'b&  8P!&_ZA_tA_0ndMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hod({_ E'b&  8P!({_ZA_X!A_T odMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hpdE_ E'b&  8P!E_ZA_X!A_T pdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hqd_ E'b&  8P!_ZA_[!A_(qdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hrda_ E'b&  8P!a_ZA_uA_`8 rdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hsdr_ E'b&  8P!r_ZA_[!A_(sdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**htd _ E'b&  8P! _ZA_uA_`8 tdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hudÒ E'b&  8P!ÒZA_!A_udMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hvdU E'b&  8P!UZA_!A_vdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hwdk E'b&  8P!kZA_!A_XwdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hxd׼ E'b&  8P!׼ZA_!A_XxdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hyd E'b&  8P!ZA_.vA_ ydMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hzdt E'b&  8P!tZA_.vA_ zdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Whdows-PowerSh E'b&  8PE'bjAIZA_."A_ {dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational G@dows-PowerShell/Operational &h**hd4V E'b&  8P!4VZA_>lA_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdx` E'b&  8P!x`ZA_>lA_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdpq E'b&  8P!pqZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdq{ E'b&  8P!q{ZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdq E'b&  8P!qZA_IlA_l< dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd] E'b&  8P!]ZA_IlA_l< dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd2 E'b&  8P!2ZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &hb&  8Prational &ElfChnk{dd{dd0Zb2,3(P=f?mMF&a**{dAI E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jAIZA_."A_ {dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3a2f5dfa-b0ba-4a36-8c47-f252c09df369 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0405fd82-17ad-41ce-b968-650b384279d0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **|da E'b&  8P9!aZA_vA_|dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **h}dN|m E'b&  8P!N|mZA_vA_}dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h~dY E'b&  8P!YZA_AwA_ ~dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hd E'b&  8P!ZA_AwA_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hd௮ E'b&  8P!௮ZA_"A_4 dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hdi E'b&  8P!iZA_"A_4 dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hd3MÓ E'b&  8P!3MÓZA_:xA_dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hdÓ E'b&  8P!ÓZA_:xA_dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hdÓ E'b&  8P!ÓZA_K#A_L T dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hdTVÓ E'b&  8P!TVÓZA_K#A_L T dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xdpBē E'b&  8P!!jpBēZA_#A_L dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 886ed99d-f9e2-4dbb-b56b-a4e877d2a330 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e40d4a90-12a5-4f48-bf89-3078d3fe681e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hd6ē E'b&  8P!6ēZA_yA_h8dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hdREē E'b&  8P!REēZA_yA_h8dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hd8ē E'b&  8P!8ēZA_>yA_H dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hd$ē E'b&  8P!$ēZA_>yA_H dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hd3\ E'b&  8P!3\ZA_C$A_hdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hd8@\ E'b&  8P!8@\ZA_C$A_hdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hdha E'b&  8P!haZA_J$A_4 ( dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hdea E'b&  8P!eaZA_J$A_4 ( dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hdKe E'b&  8P!KeZA_$A_8 dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hdWe E'b&  8P!WeZA_$A_8 dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hdVe E'b&  8P!VeZA_yA_t$ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hdBe E'b&  8P!BeZA_yA_t$ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xdf E'b&  8P!!jfZA_ %A_tdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6079c271-75ea-4201-b1b6-88eb2ed4861e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5ec4fbf9-d446-4e5b-aa03-b914fcd8d44f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hd3f E'b&  8P!3fZA_%A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hdT?f E'b&  8P!T?fZA_%A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hdOl E'b&  8P!OlZA_zA_L dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hd2l E'b&  8P!2lZA_zA_L dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ph**hdm E'b&  8P!mZA_c%A_L dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ph**hd@*m E'b&  8P!@*mZA_c%A_L dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &afph**xd3m E'b&  8P!!j3mZA_k{A_dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b6839dfd-d432-48d2-ae03-1e60f8110ba3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 579e98f4-fe91-42af-90d4-d3c7e1170157 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hdS׳m E'b&  8P!S׳mZA_%A_X dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aComh**hdÿm E'b&  8P!ÿmZA_%A_X dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a0' h**hdm E'b&  8P!mZA_%A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hdm E'b&  8P!mZA_%A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$adh**xdUJn E'b&  8P!!jUJnZA_l&A_l dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 84789ede-860e-4dbb-8a06-c95cea19a0ad Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a6eb1f81-1181-48d1-b5ef-bdfb4dc8f79c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hden E'b&  8P!enZA_|A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hd(isn E'b&  8P!(isnZA_|A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hdİn E'b&  8P!İnZA_|A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aComh**hdYn E'b&  8P!YnZA_|A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a0' h**hd2n E'b&  8P!2nZA_|A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hd,an E'b&  8P!,anZA_,'A_,dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$adh**hdn E'b&  8P!nZA_|A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hdLn E'b&  8P!LnZA_,'A_,dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anceh**xdXMh E'b& 8P!XMhZA_'A_` d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -x**xd7s E'b& 8P!7sZA_'A_` d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a } x**xd E'b& 8P!ZA_'A_0d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aamex**xd E'b& 8P!ZA_'A_0d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aErrx**xd( E'b& 8P!(ZA_(A_d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelx**xdDj+ E'b& 8P!Dj+ZA_(A_d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aratx**xd^Y E'b& 8P!^YZA_,(A_l d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a &x**xd;e E'b& 8P!;eZA_,(A_l d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a0' x**xdY E'b& 8P!YZA_=(A_\ Ld ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a_dx**xd`L E'b& 8P!`LZA_=(A_\ Ld ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ax**xdy E'b& 8P!yZA_G(A_ 0 d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aWarx**xdG E'b& 8P!GZA_G(A_ 0 d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aactx**xdYh E'b& 8P!YhZA_S(A_ d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinx**xdYEt E'b& 8P!YEtZA_S(A_ d ذĤi 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a x**hdRP E'b&  8P!RPZA__(A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aMach**hdik[ E'b&  8P!ik[ZA__(A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad th**hd E'b&  8P!ZA_ ~A_0DdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ag =h**hd? E'b&  8P!?ZA_ ~A_0DdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hdk  E'b&  8P!k ZA_~A_x dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ($h**hd$  E'b&  8P!$ ZA_~A_x dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xdv  E'b&  8P!!jv ZA_(A_x l dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ea4e4906-08c1-4718-b33a-ed1766558b5b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0755c149-7812-480b-b027-2e9ea2ee15f5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hdA  E'b&  8P!A ZA_~A_48 dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aMach**hd:  E'b&  8P!: ZA_~A_48 dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad th**hd2O ! E'b&  8P!2O !ZA_)A_(dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ag =h**hdV;,! E'b&  8P!V;,!ZA_)A_(dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hd- Ǖ E'b&  8P!- ǕZA_A_hT dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ($h**hd,Ǖ E'b&  8P!,ǕZA_A_hT dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hd&ҕ E'b&  8P!&ҕZA_**A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTEMh**hdҕ E'b&  8P!ҕZA_**A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hd0ҕ E'b&  8P!0ҕZA_6*A_< dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hdҕ E'b&  8P!ҕZA_6*A_< dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**xdcӕ E'b&  8P!!jcӕZA_A_< dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e4869487-368a-430e-b870-1f06fab1558d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 759d20b9-b45f-4f3d-87a9-7ba2a042e157 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hdyiӕ E'b&  8P!yiӕZA_ŀA_LdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTEMh**hdu ӕ E'b&  8P!u ӕZA_ŀA_LdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hdӕ E'b&  8P!ӕZA_*A_l dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hdbӕ E'b&  8P!bӕZA_*A_l dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hdi t E'b&  8P!i tZA_*A_ ldMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hdzZt E'b&  8P!zZtZA_*A_ ldMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hdZy E'b&  8P!ZyZA_*A_4 0dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hdFy E'b&  8P!FyZA_*A_4 0dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hdp'~ E'b&  8P!p'~ZA_4+A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hdH4~ E'b&  8P!H4~ZA_4+A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hdo~ E'b&  8P!o~ZA_;+A_P dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hd{~ E'b&  8P!{~ZA_;+A_P dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**xdJ~ E'b&  8P!!jJ~ZA_A_PdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 264d704b-865e-44d8-b866-ca4f5f856d4b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a288ef54-13ec-4a82-a0c4-7d4ea69e37b1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x  8Prational &ElfChnkd,ed,e\H:\(=f?mMF&**Xd-  E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!- ZA_+A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hd E'b&  8P!ZA_+A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hd E'b&  8P!ZA_+A_ ldMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hdi E'b&  8P!iZA_+A_ ldMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hdj႖ E'b&  8P!j႖ZA_+A_ L dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hd[ E'b&  8P![ZA_+A_ L dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**@dT E'b&  8P!jTZA_T,A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 104e50bd-1df1-46f6-b605-b7d8500c9e41 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e51a1c72-0a84-468a-8954-b6f7fb00182f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hdxw E'b&  8P!xwZA_V,A_0dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hd&  E'b&  8P!& ZA_V,A_0dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hdH E'b&  8P!HZA__,A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hd74 E'b&  8P!74ZA__,A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xdf  E'b&  8P!!jf ZA_uA_ 4dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = df889873-e907-4b63-8b83-136947bc68b6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b47e7578-aa17-448e-99d2-ac28efbebd53 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hd_" E'b&  8P!_"ZA_yA_dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd$. E'b&  8P!$.ZA_yA_dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd E'b&  8P!ZA_,A_@ @dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd E'b&  8P!ZA_,A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd E'b&  8P!ZA_,A_@ @dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd E'b&  8P!ZA_,A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd}պ E'b&  8P!}պZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdJƄ E'b&  8P!JƄZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd, E'b&  8P!,ZA_m E'b&  8P!&>mZA_A_<4eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**he E'b&  8P!ZA_1A_eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**he񊖘 E'b&  8P!񊖘ZA_1A_eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**heΖ E'b&  8P!ΖZA_QA_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**heiCٖ E'b&  8P!iCٖZA_QA_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x e@ E'b&  8P!!j@ZA_1A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d37d0d58-5b03-4668-82fc-acac39f218fc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 836e000d-c8c0-4c4d-bd06-646f34738336 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. erx**h egg E'b&  8P!ggZA_‰A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**h ewr E'b&  8P!wrZA_‰A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h ePZ E'b&  8P!PZZA_A_<  eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & 2h**h e4E E'b&  8P!q>EZA_4A_ ,(eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h)eފrS E'b&  8P!ފrSZA_A5A_h)eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**h*ev~S E'b&  8P!v~SZA_A5A_h*eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**h+eTS E'b&  8P!TSZA__A_| +eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Oh**h,ecS E'b&  8P!cSZA__A_| ,eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ecthbject -First E'b&  8PrejzTZA_A_| p -eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @-4a82-a0c4-7d4ea69e37b1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x  8Prational &ElfChnk-ee-ee@1JDH.(P=f?mMF&a**-ezT E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jzTZA_A_| p -eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f682f1db-f41c-4b94-b7a6-7c24a3aa3684 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7714290b-2138-41bc-812e-b2b402fc187f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ) {**.e 'T E'b&  8P9! 'TZA_5A_.eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c((-**h/e2T E'b&  8P!2TZA_5A_/eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h0e_kT E'b&  8P!_kTZA_P6A_0eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h1eT E'b&  8P!TZA_P6A_1eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h2el} E'b&  8P!l}ZA_6A_2eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h3e.i E'b&  8P!.iZA_6A_3eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h4eLN E'b&  8P!LNZA_6A_p 4eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h5e8Z E'b&  8P!8ZZA_6A_p 5eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h6ew E'b&  8P!wZA_6A_ |6eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h7e/ E'b&  8P!/ZA_6A_ |7eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x8e E'b&  8P!!jZA_pA_  8eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0af398e0-2226-4b86-88ec-7874e383d38a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 678955a9-9810-4dca-bf4b-52d29bab1622 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h9eA E'b&  8P!AZA_tA_P , 9eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h:e- E'b&  8P!-ZA_tA_P , :eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h;e q E'b&  8P! qZA_#A_L l;eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**he< E'b&  8P!<ZA_ˑA_ >eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h?e Ӫ E'b&  8P! ӪZA_,7A_ ?eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h@e]ܪ E'b&  8P!]ܪZA_,7A_ @eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hAew E'b&  8P!wZA_7A_TAeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hBe E'b&  8P!ZA_7A_TBeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hCekH E'b&  8P!kHZA_ A_h CeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hDe-4Ʈ E'b&  8P!-4ƮZA_ A_h DeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xEep* E'b&  8P!!jp*ZA_iA_h `EeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 34d52ae1-62f0-40c0-a5da-8183ac5df805 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bd8879a2-b18f-4be0-aecb-1963ea5354e5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hFeR E'b&  8P!RZA_jA_ FeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hGer^ E'b&  8P!r^ZA_jA_ GeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hHe+^ E'b&  8P!+^ZA_e8A_THeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hIej E'b&  8P!jZA_e8A_TIeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ph**hJe1 E'b&  8P!1ZA_A_ JeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ph**hKe E'b&  8P!ZA_A_ KeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &afph**xLeT E'b&  8P!!jTZA_9A_ LeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 586066be-f94d-45c4-9223-9dce8493434b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fde1a132-5b11-42d1-827f-de7cc452b43d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hMep# E'b&  8P!p#ZA_ 9A_8MeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hNe/ E'b&  8P!/ZA_ 9A_8NeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hOemK E'b&  8P!mKZA_zA_h `OeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hPeCW E'b&  8P!CWZA_zA_h `PeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xQeR( E'b&  8P!!jR(ZA_GA_h DQeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1c497757-6e90-4305-af10-0dc8dd884f65 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f2da276e-c111-40cb-8a15-c34555caf31b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. A_$ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @dows-PowerShell/Operational &ecthbject -First E'b&  8PrejzTZA_A_| p -eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @-4a82-a0c4-7d4ea69e37b1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x  8Prational &ElfChnkeeee(Q0al(P=f?mMF&a**eΜ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jΜZA_>A_$ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b64c3be3-07fb-45f8-a5b7-ea0b84f1e8b2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a134aefc-5adb-4330-8466-8ac5fe50f511 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ) {**e Μ E'b&  8P9! ΜZA_>A_tl eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c((-**he΁Μ E'b&  8P!΁ΜZA_>A_tl eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**heМ E'b&  8P!МZA_4>A_eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**heМ E'b&  8P!МZA_4>A_eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**heМ E'b&  8P!МZA_8>A_ TeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**he ќ E'b&  8P! ќZA_8>A_ TeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xe,lќ E'b&  8P!!j,lќZA_?A_ $ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8adb5501-bfed-46ce-b9ce-ec9d93194b8d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9ea8e0cc-ad28-4f7a-a4b7-64421547bfc1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**heQܜ E'b&  8P!QܜZA_DA_`eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**he\ܜ E'b&  8P!\ܜZA_DA_`eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**he E'b&  8P!ZA_IA_< eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**he` E'b&  8P!`ZA_IA_< eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**he3 E'b&  8P!3ZA_MA_4 eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**heb> E'b&  8P!b>ZA_MA_4 eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xer E'b&  8P!!jrZA_(?A_4 eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c2daca0a-12df-4e98-8b45-9e23f2c14142 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 87186e2e-6486-4b0e-9d83-4cc120a602bb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 0-x**he< E'b&  8P!<ZA_,?A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**he  E'b&  8P! ZA_,?A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**he^ E'b&  8P!^ZA_E?A_L eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**he7W E'b&  8P!7WZA_E?A_L eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**heT E'b&  8P!TZA_nA_eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**he5 E'b&  8P!5ZA_nA_eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**xet2 E'b&  8P!!jt2ZA_HA_l eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8e5cfdeb-83b2-45a1-85fa-ba43799371cd Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 67ee2469-9277-4790-8517-1c4e9bc90c4a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 4-x**he\ E'b&  8P!\ZA_?A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**heѳg E'b&  8P!ѳgZA_?A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**he{  E'b&  8P!{ ZA_?A_| eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**he< E'b&  8P!<ZA_?A_| eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**xe E'b&  8P!!jZA_?A_|@eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fd4dc1cf-d48f-45a6-83eb-e4b0418a6a07 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 11427b10-4be4-4a0a-baa9-8c06f7dca8a8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 5-x**he  E'b&  8P! ZA_ A_`eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**he E'b&  8P!ZA_ A_`eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**he|n E'b&  8P!|nZA_@A_ HeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**he[} E'b&  8P![}ZA_@A_ HeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**he E'b&  8P!ZA_@A_eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**he E'b&  8P!ZA_@A_eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**he  E'b&  8P! ZA_A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**heO E'b&  8P!OZA_A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**he] E'b&  8P!]ZA_A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**he] E'b&  8P!]ZA_A_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aM  E'b&  8P!>M ZA_:HA_,eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aicyh**xeJ  E'b&  8P!!jJ ZA_IA_(eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5ad3f65b-0ed0-4a69-b495-948e17829776 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3f27f8e6-d64f-484c-bb17-819f8c284277 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**he  E'b&  8P! ZA_HA_T  eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**he  E'b&  8P! ZA_HA_T  eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**heJ E'b&  8P!JZA_A_eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**heI E'b&  8P!IZA_A_eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**he  E'b&  8P! ZA_HA_P eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**he E'b&  8P!ZA_HA_P eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xe: E'b&  8P!!j:ZA_{A_8 eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1fb6a79a-98df-4e78-acba-ebb12614c886 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1bba0424-7503-4f9b-8034-c4016799196c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hec E'b&  8P!cZA_HA_<eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**heo E'b&  8P!oZA_HA_<eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**he E'b&  8P!ZA_HA_h eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**he@ E'b&  8P!@ZA_HA_h eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xff E'b&  8P!!jfZA_vIA_h ` fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 586e9c94-f174-4fbb-a096-35d8e79f01ad Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b7b0ed15-0dec-4e07-90a8-4100e1a645ed Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hf] E'b&  8P!]ZA_A_4 fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hf# E'b&  8P!#ZA_A_4 fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hfh E'b&  8P!hZA_IA_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hfQw E'b&  8P!QwZA_IA_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hf1 E'b&  8P!1ZA_IA_` fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hf E'b&  8P!ZA_FA_fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hfVq E'b&  8P!VqZA_IA_` fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hf E'b&  8P!ZA_FA_fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h f  E'b&  8P! ZA_A_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h fט* E'b&  8P!ט*ZA_A_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh** f.@ E'b&  8P]!j.@ZA_A_T fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 23b64024-71ef-45ee-8979-9b3d057da22d Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-dsxdt5fi.mkp.ps1 Engine Version = 4.0 Runspace ID = 64f44d96-e53c-432f-9176-ea4762c7350f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. H7P**h f؎L E'b&  8P!؎LZA_A_  fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a?Ph**h fZzX E'b&  8P!ZzXZA_A_  fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at+Ph**xfbط E'b&  8P!!jbطZA_JA_ @ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c4f2c405-58ad-4cb6-9309-25b832cdd86c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0b541d39-f2f6-4e32-8fb3-372d01bc60df Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rAx**hf% E'b&  8P!%ZA_JA_<fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aacAh**hf E'b&  8P!ZA_JA_<fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ h**hf, E'b&  8P!,ZA_JA_`LfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aed h**hf8 E'b&  8P!8ZA_JA_`LfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ableh**hfR E'b&  8P!RZA_JA_  fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hf|^ E'b&  8P!|^ZA_JA_  fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**xf5 E'b&  8P!!j5ZA_=KA_ PfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8d8f70ef-c9f7-45bf-b0f0-95b387f07c63 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 911563af-c1a5-4ec2-b638-5d8459a3c451 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rAx**hfv# E'b&  8P!v#ZA_AKA_< lfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aacAh**hfނ# E'b&  8P!ނ#ZA_AKA_< lfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ h**hfU. E'b&  8P!U.ZA_BKA_< $fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aed h**hfmA. E'b&  8P!mA.ZA_BKA_< $fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ableh**hfB. E'b&  8P!B.ZA_A_ , fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hfw.. E'b&  8P!w..ZA_A_ , fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h Comm E'b&  8P jC/ZA_A_ L fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ E'b&  8P!MZA_(EA_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a erh**heOY E'b&  8P!OYZA_(EA_ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**he5w E'b&  8P!5wZA_A_,xeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**heW E'b&  8P!WZA_A_,xeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah@ E'b&  8Pctj=\ZA_A_,deMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @icrosoft-Windows-PowerShell/Operational @-4a82-a0c4-7d4ea69e37b1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x  8Prational &ElfChnkfgffgfxq(P=f?mMF&a**fC/ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jC/ZA_A_ L fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = bf1fda67-34c5-4ae9-a9da-d28f53d74ebe Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b2336ac8-d61c-454c-ac87-36ca273d5b26 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ) {**f[l/ E'b&  8P9![l/ZA_A_fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c((-**hfFx/ E'b&  8P!Fx/ZA_A_fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hf l2 E'b&  8P! l2ZA_$A_t D fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h fsy2 E'b&  8P!sy2ZA_$A_t D fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h!fe2 E'b&  8P!e2ZA_fLA_8 !fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h"f2 E'b&  8P!2ZA_fLA_8 "fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x#f}3 E'b&  8P!!j}3ZA_MA_l #fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3662f24f-b0e2-4c6a-98c9-4ad74273866f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9c3fcb58-091e-47ef-9887-9c252cdb8360 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h$f(3 E'b&  8P!(3ZA_MA_h$fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h%f33 E'b&  8P!33ZA_MA_h%fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h&fN3 E'b&  8P!N3ZA_ MA_t&fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h'f{[3 E'b&  8P!{[3ZA_ MA_t'fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**x(f%3 E'b&  8P!!j%3ZA_@MA_t (fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 37a3226b-ff1a-4d44-9060-61bd8407cb82 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fcb025ed-c721-4b59-998c-016dda7ac23c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. fA E'b&  8P!AZA_OA_>fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h?fmM E'b&  8P!mMZA_OA_?fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h@fh E'b&  8P!hZA_A_\ @fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hAft E'b&  8P!tZA_A_\ AfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xBfƵܘ E'b&  8P!!jƵܘZA_8A_, BfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4f80bb98-dd2e-4aa3-acdf-56cf9ebf3092 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 80f21697-7698-4de4-a5f6-d888c5752316 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hCf  E'b&  8P! ZA_m E'b&  8P!!j>mZA_xA_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fad916c6-bf75-434e-9b6c-bee1460988c6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 19f2f881-7722-4470-87c1-dae37ba09be2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hf9Cdm E'b&  8P!9CdmZA_mWA_L fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hf/pm E'b&  8P!/pmZA_mWA_L fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hfm E'b&  8P!mZA_sWA_(fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hf`m E'b&  8P!`mZA_sWA_(fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**xf@m E'b&  8P!!j@mZA_A_(fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3fd31ff2-bcb4-4b7a-9ab1-be768ad1f468 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c0c6e102-0f68-4e7e-b829-0ada1dcdd811 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Gx**hf0n E'b&  8P!0nZA_A_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-anh**hf!n E'b&  8P!!nZA_A_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &y -h**hf{n E'b&  8P!{nZA_FXA_ xfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hfӇn E'b&  8P!ӇnZA_FXA_ xfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hf7n E'b&  8P!7nZA_GXA_8 fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hf-n E'b&  8P!-nZA_GXA_8 fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hfn E'b&  8P!nZA_zA_lfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hf1n E'b&  8P!1nZA_zA_lfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hfޛ E'b&  8P!ޛZA_-A_, fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hf. E'b&  8P!.ZA_-A_, fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hf8 E'b&  8P!8ZA_YA_T fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hf E'b&  8P!ZA_YA_T fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hfA) E'b&  8P!A)ZA_hA_tfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hf] E'b&  8P!]ZA_hA_tfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**xfMD  E'b&  8P!!jMD ZA_MYA_fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f92f7ef6-c582-4a1b-bf7d-e5b3ebe3b0e7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = edccb025-09a4-49cf-9c5a-6f6e7bf442d2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hfv^  E'b&  8P!v^ ZA_QYA_4 fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hf+vj  E'b&  8P!+vj ZA_QYA_4 fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hf,  E'b&  8P!, ZA_YA_dfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hf  E'b&  8P! ZA_YA_dfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hf! E'b&  8P!!ZA_A_p` fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hfv! E'b&  8P!v!ZA_A_p` fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hf ! E'b&  8P! !ZA_(ZA_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hf! E'b&  8P!!ZA_(ZA_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah** fC! E'b&  8P !jC!ZA_*ZA_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  "p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c7eed5e3-4eac-459b-b43e-302da4c8c37d Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" $modules = Get-InstalledModule -ErrorAction SilentlyContinue if ($modules) { foreach ($mod in $modules) { [PSCustomObject]@{ Name = $mod.Name Version = $mod.Version.ToString() Repository = $mod.Repository Author = $mod.Author } | ConvertTo-Json -Compress Write-Output "---SEPARATOR---" } } } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = 837a8861-65ac-47c0-9336-3ffdebf5682f Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-InstalledModule' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException t-W **hf" E'b&  8P!"ZA_A_ < fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hfL" E'b&  8P!L"ZA_A_ < fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hfAm E'b&  8P!AmZA_yZA_dfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hfm E'b&  8P!mZA_yZA_dfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hfcuҦ E'b&  8P!cuҦZA_A_L fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &54ah**hf}Ҧ E'b&  8P!}ҦZA_A_L fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hfҦ E'b&  8P!ҦZA_ZA_X fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hfeBҦ E'b&  8P!eBҦZA_ZA_X fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &orAhion Silently E'b&  8P ijWӦZA_A_X fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4c0ba724-070e-4278-a126-03c63109756e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hff] E'b&  8P!]ZA_sA_LffMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aComh**hgfn] E'b&  8P!n]ZA_sA_LgfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &assah = System er E'b&  8Prational &ElfChnkf gf g`Du)4(P=f?mMF&a**fWӦ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jWӦZA_A_X fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0def7560-1055-40c2-85e5-44a86c422477 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 54a125da-cc7e-4c66-a553-861b6c6cb731 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **f70Ӧ E'b&  8P9!70ӦZA_A_(fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( S**hf3<Ӧ E'b&  8P!3<ӦZA_A_(fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hf Ӧ E'b&  8P! ӦZA_ZA_dfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hfSӦ E'b&  8P!SӦZA_ZA_dfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hfti=a E'b&  8P!ti=aZA_A_`fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hfhGa E'b&  8P!hGaZA_A_`fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hfr E'b&  8P!rZA_[A_0 fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hfir E'b&  8P!irZA_[A_0 fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hf{ E'b&  8P!{ZA_A_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hf{ E'b&  8P!{ZA_A_ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hf<"| E'b&  8P!<"|ZA_[A_8fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hf.| E'b&  8P!.|ZA_[A_8fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xf| E'b&  8P!!j|ZA_X\A_LfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dbcc6f1b-efaa-41fb-a167-8dbd8fbaeb7e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = aed4fc6d-ffc7-446f-addf-2a37095bf0e0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hfUݻ| E'b&  8P!Uݻ|ZA_Y\A_|tfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hfJ| E'b&  8P!J|ZA_Y\A_|tfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hf#b E'b&  8P!#bZA_A_8 fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hf/fl E'b&  8P!/flZA_A_8 fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hfԌ E'b&  8P!ԌZA_\A_,LfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hfޚ E'b&  8P!ޚZA_\A_,LfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xfW E'b&  8P!!jWZA_A_,fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5eba2d6e-41f5-4032-8766-b36d7256c10b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 80119208-0172-4ce8-8a71-b3d62ece6858 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hf! E'b&  8P!!ZA_\A_ l fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hf- E'b&  8P!-ZA_\A_ l fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hf I E'b&  8P! IZA_\A_@@ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hfݍU E'b&  8P!ݍUZA_\A_@@ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**xf[ E'b&  8P!!j[ZA_A_@fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 27c7f998-4aa2-48db-9c47-6e364a2a7b84 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2823f712-e0fe-49a5-9a6e-3f3842d24dd5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ' E'b&  8P!I>'ZA_A_TgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hg*3 E'b&  8P!*3ZA_A_TgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgvN E'b&  8P!vNZA_mbA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h g$ Z E'b&  8P!$ ZZA_mbA_  gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aL h**x g E'b&  8P!!jZA_;A_ l gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7fc192d8-66ae-4c4b-ba8a-df7e6e27dc80 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 19f3525d-329d-46d3-95dd-98b07df1d9ff Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h gDԗ E'b&  8P!DԗZA_Ӟ E'b&  8P!>ӞZA_)A_L gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hgr*ߞ E'b&  8P!r*ߞZA_)A_L gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**xgz> E'b&  8P!!jz>ZA_A_L@ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 54db88f8-c5c7-413e-8201-80cc22c5d906 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6239293d-efa7-4379-ba3a-ab7028a57576 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hgX E'b&  8P!XZA_A_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hg' E'b&  8P!'ZA_A_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hgfTܵ E'b&  8P!fTܵZA_A_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hg~@赩 E'b&  8P!~@赩ZA_A_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &725h**hg E'b&  8P!ZA_IdA_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hg>+ E'b&  8P!>+ZA_IdA_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**x gU@ E'b&  8P!!jU@ZA_A_` gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4fbb0e84-808d-42b8-98a6-8f13f08ca196 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7c4b59e8-a1d5-4336-acb5-d104a7fc6940 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h!gbұ E'b&  8P!bұZA_eA_l8!gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h"g E'b&  8P!ZA_eA_l8"gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &4a2h**h#gy E'b&  8P!yZA_?A_ 4#gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h$gķ E'b&  8P!ķZA_?A_ 4$gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h%g/ ׹ E'b&  8P!/ ׹ZA__A_|$%gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &orAh**h&g+⹩ E'b&  8P!+⹩ZA__A_|$&gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acAh**x'g7FD E'b&  8P!!j7FDZA_A_|4'gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ede42ced-633a-46d2-881f-ad523f615c40 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c2d66671-2d97-4ec1-b351-3dd66ffcc236 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h(g, h E'b&  8P!, hZA_eA_T(gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h)g$ E'b&  8P!$ZA_eA_T)gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h*g㞺 E'b&  8P!㞺ZA_A_xh *gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h+gЪ E'b&  8P!ЪZA_A_xh +gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**x,g  E'b&  8P!!j ZA_MfA_x ,gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 79c820ac-b318-4888-957c-4d318ed6cf3c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a4e9f23f-2c7a-4a7e-91d8-ef090c553dfc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. orx**h-gk$ E'b&  8P!k$ZA_`A_ |-gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**h.g$0 E'b&  8P!$0ZA_`A_ |.gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**h/ggC E'b&  8P!gCZA_ofA_  /gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**h0gϕ E'b&  8P!ϕZA_ofA_  0gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**h1gwÛ E'b&  8P!wÛZA_rfA_h1gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h2gX& E'b&  8P!X&ZA_A_ 2gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h3g© E'b&  8P!©ZA_rfA_h3gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h4gY  E'b&  8P!Y ZA_A_ 4gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h5gAP E'b&  8P!APZA_fA_,  5gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h6g=NP E'b&  8P!=NPZA_fA_,  6gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h7g1l E'b&  8P!1lZA_fA_<7gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h8g Xl E'b&  8P! XlZA_fA_<8gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h9gl E'b&  8P!lZA_fA_,9gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h:gtl E'b&  8P!tlZA_fA_,:gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**x;gO_m E'b&  8P!!jO_mZA__A_;gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0638f13b-1569-44e1-8ed9-e912ae127ffa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = dd2692a4-7b21-43ac-b2ed-37806e33a5ec Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. elx**hgOm E'b&  8P!OmZA_A_,>gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h?gm E'b&  8P!mZA_A_,?gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h@g3 E'b&  8P!3ZA_A_ @gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hAg% E'b&  8P!%ZA_A_ AgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hBg΀ E'b&  8P!΀ZA_A_ BgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hCg E'b&  8P!ZA_A_ CgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hDg< E'b&  8P!<ZA_hA_04 DgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hEg E'b&  8P!ZA_hA_04 EgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xFg7  E'b&  8P!!j7 ZA_SA_0 FgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3ca39e06-bf66-49a6-9494-ad289239beb7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 816a4849-9568-44d9-8f09-b207a4f661f1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. orx**hGg&P  E'b&  8P!&P ZA_TA_ GgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**hHg\  E'b&  8P!\ ZA_TA_ HgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**hIg;  E'b&  8P!; ZA_A_t IgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**hJg¬  E'b&  8P!¬ ZA_A_t JgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**hKgP䵫 E'b&  8P!P䵫ZA_pA_p KgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hLg  E'b&  8P! ZA_pA_p LgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hMgME๫ E'b&  8P!ME๫ZA_A_,lMgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hNg E'b&  8P!ZA_A_,lNgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hOgSs« E'b&  8P!Ss«ZA_A_0 OgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hPg~« E'b&  8P!~«ZA_A_0 PgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hQgԁ« E'b&  8P!ԁ«ZA_A_ QgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hRg« E'b&  8P!«ZA_A_ RgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f12h**xSggDë E'b&  8P!!jgDëZA_iA_ SgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f26ce4d3-12e9-4a69-a46b-5118c8513293 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f36cc976-fedd-4442-9129-fe906338f9d3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hTglë E'b&  8P!lëZA_?A_DTgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hUgùxë E'b&  8P!ùxëZA_?A_DUgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hVg_7ʫ E'b&  8P!_7ʫZA_A_XdVgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hWg@!ʫ E'b&  8P!@!ʫZA_A_XdWgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &6e2h**hXg"}Dʫ E'b&  8P!"}DʫZA_iA_ XgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hYguQʫ E'b&  8P!uQʫZA_iA_ YgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd ht-NetAdapter E'b&  8PrejʫZA_njA_$ ZgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ion SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 19f3525d-329d-46d3-95dd-98b07df1d9ff Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h gDԗ E'b&  8P!DԗZA_}D E'b&  8P!>}DZA_tA_ <gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hgy3E E'b&  8P!y3EZA_dA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hg??E E'b&  8P!??EZA_dA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hg E'b&  8P!ZA_.A_p<gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgl E'b&  8P!lZA_.A_p<gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hg3 E'b&  8P!3ZA_wuA_DgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hg E'b&  8P!ZA_wuA_DgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hg E'b&  8P!ZA_~uA_h\ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hgX> E'b&  8P!X>ZA_~uA_h\ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hgy  E'b&  8P!y ZA_uA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hgc E'b&  8P!cZA_uA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xg^~ E'b&  8P!!j^~ZA_3vA_ DgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2cca17e1-394d-49ca-9da5-61bedcee27fb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e14f9e1f-d642-45e0-bb32-e4b1f6a955ee Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hg4 E'b&  8P!4ZA_A_ `gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hgEx E'b&  8P!ExZA_A_ `gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hg? E'b&  8P!?ZA_vA_8 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hg E'b&  8P!ZA_vA_8 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg= E'b&  8P!=ZA_vA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg  E'b&  8P! ZA_vA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xg0wh E'b&  8P!!j0whZA_wA_ (gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1041938e-ae52-4cae-8a3c-306027c2795e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ff265d06-dae0-4f46-8f40-41626de67b59 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hg E'b&  8P!ZA_vA_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hgy* E'b&  8P!y*ZA_vA_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hg=k E'b&  8P!=kZA_|A_08 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hgm E'b&  8P!mZA_|A_08 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgp. E'b&  8P!p.ZA_A_dgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg< E'b&  8P!<ZA_A_dgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg?D= E'b&  8P!?D=ZA_A_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgO+I E'b&  8P!O+IZA_A_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xgO E'b&  8P!!jOZA_xxA_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 194544a5-48a7-4b86-b5ee-d7fecf1f12a9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a15562ce-381d-4064-a438-181da9aff836 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hg^ E'b&  8P!^ZA_zxA_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hgIK E'b&  8P!IKZA_zxA_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg E'b&  8P!ZA_xA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgz E'b&  8P!zZA_xA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xgf E'b&  8P!!jfZA_yA_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9b86ce8e-9616-43f9-8537-b30e32903408 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c025db9b-8ce3-49f2-bad0-da6e529c0cae Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. a-x**hg E'b&  8P!ZA_A_` gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hgt E'b&  8P!tZA_A_` gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hg  E'b&  8P! ZA_byA_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hgf E'b&  8P!fZA_byA_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hg E'b&  8P!ZA_A_< gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hg E'b&  8P!ZA_A_< gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hg\ E'b&  8P!\ZA_A_4gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hg E'b&  8P!ZA_A_4gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hg E'b&  8P!ZA_yA_tgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hg E'b&  8P!ZA_yA_tgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgO E'b&  8P!OZA_A_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgK% E'b&  8P!K%ZA_A_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg5@ E'b&  8P!5@ZA_1zA_ | gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgL E'b&  8P!LZA_1zA_ | gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xgAK E'b&  8P!!jAKZA_nzA_ ( gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5cce0384-c520-493e-8252-7b3f6dadd23e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 35e576e4-c2e3-440f-bee5-eb0e44bcc152 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hgѰ E'b&  8P!ѰZA_ozA_0 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hgvݰ E'b&  8P!vݰZA_ozA_0 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgF E'b&  8P!FZA_zA_t  gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg_Q E'b&  8P!_QZA_zA_t  gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg 縰 E'b&  8P! 縰ZA_YA_@gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg E'b&  8P!ZA_YA_@gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg{eL E'b&  8P!{eLZA_A_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgnjpL E'b&  8P!njpLZA_A_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hg b E'b&  8P! bZA_A_ \ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hg4 b E'b&  8P!4 bZA_A_ \ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hg- c E'b&  8P!- cZA_A_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hgWc E'b&  8P!WcZA_A_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xgNc E'b&  8P!!jNcZA_|A_lgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7f5e2fd0-5f52-4e73-8155-05f5bce1b110 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5a1ae6ec-5a4e-4524-a2ee-72ddd06fe60d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hgc E'b&  8P!cZA_|A_X gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg}c E'b&  8P!}cZA_|A_X gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgs'd E'b&  8P!s'dZA_\|A_0gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg,_3d E'b&  8P!,_3dZA_\|A_0gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg66 E'b&  8P!66ZA_A_ hgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg B E'b&  8P! BZA_A_ hgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgW E'b&  8P!WZA_bA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgc E'b&  8P!cZA_bA_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg4  E'b&  8P!4 ZA_}A_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hg  E'b&  8P! ZA_}A_gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**gI  E'b&  8P]!jI ZA_"}A_T gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e166c32f-2815-4238-92ce-95b65e99deaf Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-hlvtrusc.xst.ps1 Engine Version = 4.0 Runspace ID = feb36336-ced6-495d-9559-2267c3eb52e4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. { **hgt  E'b&  8P!t ZA_A_d gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aed h**hgB  E'b&  8P!B ZA_A_d gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ableh**xg)v  E'b&  8P!!j)v ZA_}A_dgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 57489201-4fd2-47f7-9e9d-8d993c924890 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e634a69b-9231-4c3d-9685-485117383764 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hgw  E'b&  8P!w ZA_}A_4 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hgD  E'b&  8P!D ZA_}A_4 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hgM E'b&  8P!MZA_}A_8 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aacAh**hgY E'b&  8P!YZA_}A_8 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ h**hgq E'b&  8P!qZA_}A_xgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aed h**hg #| E'b&  8P! #|ZA_}A_xgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ableh-and $_.Defa E'b&  8PObj2ZA_~A_ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ngine Version = 4.0 Runspace ID = 19f3525d-329d-46d3-95dd-98b07df1d9ff Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h gDԗ E'b&  8P!DԗZA_& E'b&  8P!>&ZA_~A_8 $ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xhާ& E'b&  8P!!jާ&ZA_/A_8 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0b0a8ebc-e037-491d-8235-324fb68ea6e5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a014f130-f004-47b0-9b55-01b79f50f86a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hh~,& E'b&  8P!~,&ZA_A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hh8& E'b&  8P!8&ZA_A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h hC3 E'b&  8P!C3ZA_BA_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h h /4 E'b&  8P! /4ZA_BA_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h ht4 E'b&  8P!t4ZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h h2*4 E'b&  8P!2*4ZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aanh**x hVd4 E'b&  8P!!jVd4ZA_A_h hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a034bdb9-2f5b-4fd6-9cc0-28a764e75efe Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fbfd08bd-72fa-4a4a-aab9-5af35e4c232e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hh4 E'b&  8P!4ZA_A_8 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hh0n4 E'b&  8P!0n4ZA_A_8 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hhD4 E'b&  8P!D4ZA_A_th hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hh04 E'b&  8P!04ZA_A_th hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xhZ5 E'b&  8P!!jZ5ZA_A_tp hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a6b66157-a765-42e8-89c8-e4ce6d850375 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bd4b763c-414b-4deb-9b3e-2d20f813040e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 6-x**hhfit5 E'b&  8P!fit5ZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hh5 E'b&  8P!5ZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hh/5 E'b&  8P!/5ZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hhٓ5 E'b&  8P!ٓ5ZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hh )9 E'b&  8P! )9ZA_-A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hh49 E'b&  8P!49ZA_-A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hhRH9 E'b&  8P!RH9ZA_A_@ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hh2T9 E'b&  8P!2T9ZA_A_@ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hhHղ E'b&  8P!HղZA_A_X xhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hhfղ E'b&  8P!fղZA_A_X xhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hh" E'b&  8P!"ZA_A_8 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hh! E'b&  8P!!ZA_A_8 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hh͙# E'b&  8P!͙#ZA_A_ | hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h h[K- E'b&  8P![K-ZA_A_ | hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x!ho E'b&  8P!!joZA_8A_ , !hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0c37794b-a2e9-4158-8297-e67c19745695 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0f35f186-3f5e-46ae-97b4-e8e7dd56295d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. a-x**h"hl E'b&  8P!lZA_h= E'b&  8P!!j=ZA_8A_$p>hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0e2f8aba-f35d-4c26-9509-bfef5ab971e3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c734573d-2ea0-46a2-89d5-cf73e3b2cb7c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8-x**h?h > E'b&  8P! >ZA_ E'b&  8P!Ov>ZA_ E'b&  8P!g3>ZA_܄A_p| AhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a erh**hBh9S?> E'b&  8P!9S?>ZA_܄A_p| BhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**xChU> E'b&  8P!!jU>ZA_9A_p ChMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6ce31dc7-2900-4d5e-8eaf-d53204d197d7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 52f62480-dbe6-4d8d-9094-241c34d6b5dd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. = x**hDh> E'b&  8P!>ZA_A_ DhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aem h**hEhj> E'b&  8P!j>ZA_A_ EhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hFh:u!? E'b&  8P!:u!?ZA_!A_ FhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hGhy-? E'b&  8P!y-?ZA_!A_ GhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hHh^e2? E'b&  8P!^e2?ZA_"A_| HhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hIhG+A? E'b&  8P!G+A?ZA_"A_| IhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hJhWA? E'b&  8P!WA?ZA_A_@ JhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hKh[M? E'b&  8P![M?ZA_A_@ KhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hLh$zʴ E'b&  8P!$zʴZA_eA_LhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hMh/ʴ E'b&  8P!/ʴZA_eA_MhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hNhL E'b&  8P!LZA_A_ NhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8Prational &ElfChnkOhhOhh`DgV( =f?mMF &**XOhX E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!XZA_A_ OhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hPh v E'b&  8P! vZA_A_,@ PhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hQhO E'b&  8P!OZA_A_,@ QhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**@Rh) E'b&  8P!j)ZA_A_, RhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A? oData= ContextInfo A' =UserData A% =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = db8884ea-1e2f-444f-b7f4-1546f658b96e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 394bf554-ab52-4e1d-850f-8d35eefc7b13 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. l@**hSh E'b&  8P!ZA_A_`@ShMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hTh& E'b&  8P!&ZA_A_`@ThMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hUhd E'b&  8P!dZA_A_ UhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hVhO E'b&  8P!OZA_A_ VhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hWhXPK} E'b&  8P!XPK}ZA_A_h WhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hXh|`Y} E'b&  8P!|`Y}ZA_A_h XhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hYhEn E'b&  8P!EnZA_A_ YhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hZhY( E'b&  8P!Y(ZA_A_ ZhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h[hD E'b&  8P!DZA_A_ [hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h\hP E'b&  8P!PZA_A_ \hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**x]h,eˣ E'b&  8P!!j,eˣZA_hA_D ]hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 70f0b249-2849-4444-9cf8-cde9748ba19c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 19e9088e-1f9b-4fbd-b09e-a24e997e7c3b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h^h1䣵 E'b&  8P!1䣵ZA_iA_ ^hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h_h6 E'b&  8P!6ZA_iA_ _hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h`heT E'b&  8P!eTZA_A_ `hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hah` E'b&  8P!`ZA_A_ ahMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hbhD50 E'b&  8P!D50ZA_DA_ xbhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hch-0 E'b&  8P!-0ZA_DA_ xchMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hdhWB E'b&  8P!WBZA_A_dhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**heh{ZB E'b&  8P!{ZBZA_A_ehMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hfh D E'b&  8P! DZA_A_,xfhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hghD E'b&  8P!DZA_A_,xghMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hhhI+K E'b&  8P!I+KZA_A_hhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hih&7K E'b&  8P!&7KZA_A_ihMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hjhtK E'b&  8P!tKZA_A_ jhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hkhK E'b&  8P!KZA_A_ khMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xlhL E'b&  8P!!jLZA_zA_lhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 08bd71d5-09e2-43c8-88e1-f9c58bc322f6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = dc0234c4-255c-43fd-ba4a-94a78ac1a063 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**hmhS.L E'b&  8P!S.LZA_A_4 mhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hnhg?:L E'b&  8P!g?:LZA_A_4 nhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hohuP E'b&  8P!uPZA_9A_ ohMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hphjWQ E'b&  8P!S>WQZA_A_4 $ vhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hwh*cQ E'b&  8P!*cQZA_A_4 $ whMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hxhNQ E'b&  8P!NQZA_͈A_xhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hyh:Q E'b&  8P!:QZA_͈A_yhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xzhQ E'b&  8P!!jQZA_^A_DzhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 91f0fb5a-0b09-4ace-a627-395f23e2849a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f477f926-05b3-49fa-8821-f2b5ee2236f5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**h{hS R E'b&  8P!S RZA__A_ P{hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h|hR E'b&  8P!RZA__A_ P|hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h}hOR E'b&  8P!ORZA_A_ }hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h~hd\R E'b&  8P!d\RZA_A_ ~hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hhpR E'b&  8P!pRZA_A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hh70}R E'b&  8P!70}RZA_A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hhR E'b&  8P!RZA_+A_T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hhԑR E'b&  8P!ԑRZA_+A_T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hh E'b&  8P!ZA_xA_(8hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hh E'b&  8P!ZA_xA_(8hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hh E'b&  8P!ZA_A_d T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hhm E'b&  8P!mZA_A_d T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hh E'b&  8P!ZA_A_D @hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hh E'b&  8P!ZA_A_D @hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xhD E'b&  8P!!jDZA_A_D hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 83b55d4c-bb38-40ab-b30a-b9c0e4ad1cff Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e8aa7bd5-6694-47b2-bbb4-65bad89338f6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hh_ E'b&  8P!_ZA_A_l hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hh>l E'b&  8P!>lZA_A_l hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hh E'b&  8P!ZA_A_P hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hh E'b&  8P!ZA_A_P hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hh! E'b&  8P!!ZA_A_` hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hhǕ E'b&  8P!ǕZA_A_` hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hhBf E'b&  8P!BfZA_ԋA_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hh.r E'b&  8P!.rZA_ԋA_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hh E'b&  8P!ZA_ًA_ \ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hho嚶 E'b&  8P!o嚶ZA_ًA_ \ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xh& E'b&  8P!!j&ZA_$A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c7ef548b-ebd1-435d-93a0-2b9c8003aa05 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 57928932-a9f5-4e6b-a1f9-39218d6d2175 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hh(A E'b&  8P!(AZA_ A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hh7eM E'b&  8P!7eMZA_ A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hh> E'b&  8P!>ZA_ČA_<8 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hh E'b&  8P!ZA_ČA_<8 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hhщH E'b&  8P!щHZA_ A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hhݚH E'b&  8P!ݚHZA_ A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hh9[ E'b&  8P!9[ZA_l A_0hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hhD[ E'b&  8P!D[ZA_l A_0hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hh4=d E'b&  8P!4=dZA_` E'b&  8P!>`ZA_nA_thMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -h**hhda E'b&  8P!daZA_nA_thMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hh `s E'b&  8P! `sZA_ A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hhqks E'b&  8P!qksZA_ A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hhPc| E'b&  8P!Pc|ZA_BA_\ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hh&| E'b&  8P!&|ZA_BA_\ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hhON| E'b&  8P!ON|ZA_A_@ (hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hh8uZ| E'b&  8P!8uZ|ZA_A_@ (hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**xh|| E'b&  8P!!j||ZA_đA_@ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b3b073f1-71b5-45d1-88b9-c81423807e84 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 05163a1c-7451-46c8-837f-7256570dc1de Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**hh'} E'b&  8P!'}ZA_)A_ <hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hh, } E'b&  8P!, }ZA_)A_ <hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hhS E'b&  8P!SZA_?A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hh. E'b&  8P!.ZA_?A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hhL E'b&  8P!LZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hhA  E'b&  8P!A ZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xhm E'b&  8P!!jmZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 35854b9b-c2cc-442f-8b01-81acf977c97e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a36f144a-5ccb-414a-967b-d001762cd543 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**hhq℺ E'b&  8P!q℺ZA_)A_ThMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hhb E'b&  8P!bZA_)A_ThMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h; E'b&  8P]!j;ZA_.A_ThMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9645b0a8-39e1-4e3b-b580-3a6ad850c11c Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-cmklfpdu.ham.ps1 Engine Version = 4.0 Runspace ID = 7bf5c6e3-83f0-45a7-b541-e3aa5fa767a3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ft-W**hh E'b&  8P!ZA_A_thMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hhXe E'b&  8P!XeZA_A_thMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xhH E'b&  8P!!jHZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 331cff26-f645-434f-873f-49138dd8532f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 618ea459-2186-40a0-9c7a-1617c8819105 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 00x**hhd E'b&  8P!dZA_A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**hhÅ E'b&  8P!ÅZA_A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hh E'b&  8P!ZA_ A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**hhM E'b&  8P!MZA_ A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**hhO E'b&  8P!OZA_ A_0 |hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**hhŇ E'b&  8P!ŇZA_ A_0 |hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**xhn' E'b&  8P!!jn'ZA_mA_0 thMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c5bf2a48-5635-4d04-8fb0-1b9344206686 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 967430b6-2a76-40b3-bfef-fecc7fe073d3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hhQ6 E'b&  8P!Q6ZA_qA_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hh" E'b&  8P!"ZA_qA_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a 4.h**hhQ E'b&  8P!QZA_œA_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aferh**hh] E'b&  8P!]ZA_œA_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**hhH E'b&  8P!HZA_ȓA_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**hh3 E'b&  8P!3ZA_ȓA_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**xhj  E'b&  8P!!jj ZA_'A_hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c2289667-7982-4106-8176-dd2d1619f422 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 76540cb8-063c-4b91-9686-ca6ee8f1bc08 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hh5 E'b&  8P!5ZA_(A_T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hhA E'b&  8P!AZA_(A_T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Whdows-PowerSh E'b&  8Prational &ElfChnkhBihBi8?n7(=f?mMF&**Xh E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!ZA_`A_ 4 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hha E'b&  8P!aZA_`A_ 4 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hh E'b&  8P!ZA_<A_ \ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hh^ E'b&  8P!^ZA_<A_ \ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hhC E'b&  8P!CZA_A_ thMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hhP5R E'b&  8P!P5RZA_A_ thMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**@h E'b&  8P!jZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 080ffdff-28a2-4b42-ae12-ba59f93211c7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2ec9185e-7c0c-40d6-9466-d057dd434e2e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. s@**hh~ߧ E'b&  8P!~ߧZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hhz E'b&  8P!zZA_A_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hh  E'b&  8P! ZA_ʔA_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hh  E'b&  8P! ZA_ʔA_ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xhHx E'b&  8P!!jHxZA_4A_ D hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 70819ce6-d805-4230-b1ca-8bcc1e20b619 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9fcc82b4-f02c-4c5c-b25c-e4490c6e8865 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hi E'b&  8P!ZA_6A_@iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hit E'b&  8P!tZA_6A_@iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hiwܨ E'b&  8P!wܨZA_A_X iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hiV쨺 E'b&  8P!V쨺ZA_A_X iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hi6 E'b&  8P!6ZA_A_( \ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hi,  E'b&  8P!, ZA_A_( \ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hii E'b&  8P!iZA_A_0 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hiRr E'b&  8P!RrZA_A_0 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hi57 E'b&  8P!57ZA_֕A_l$ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h iMY7 E'b&  8P!MY7ZA_֕A_l$ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h iZ E'b&  8P!ZZA_A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h i*Z E'b&  8P!*ZZA_A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h iHZ E'b&  8P!HZZA_iA_$  iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h ivTZ E'b&  8P!vTZZA_iA_$  iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**xiRZ E'b&  8P!!jRZZA_A_$ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7e020494-da8b-4671-a0b0-a22da4d13dfc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7d12ffe5-1688-471e-900b-97ee81b65a93 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hi5Z E'b&  8P!5ZZA_A_ L iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hi uZ E'b&  8P! uZZA_A_ L iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hi*K[ E'b&  8P!*K[ZA_PA_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ueh**hiV[ E'b&  8P!V[ZA_PA_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hiO^ E'b&  8P!O^ZA_A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hixrj E'b&  8P!xrjZA_A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hi%  E'b&  8P!% ZA_kA_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hin  E'b&  8P!n ZA_kA_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hi>I  E'b&  8P!>I ZA_uA_4 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hiJ$  E'b&  8P!J$ ZA_uA_4 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**xiI  E'b&  8P!!jI ZA_$A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 19bf82fd-a9b9-473c-a3c6-11b962abb995 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2f73af71-3e7c-4e4d-933a-66ce7da822b3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**hi`  E'b&  8P!` ZA_A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & -h**hiޙ  E'b&  8P!ޙ ZA_A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hi $ E'b&  8P! $ZA_`A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hi/ E'b&  8P!/ZA_`A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hih/ E'b&  8P!h/ZA_A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hi^< E'b&  8P!^<ZA_A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h ii E'b&  8P!iZA_A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h!i0x E'b&  8P!0xZA_A_ !iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h"iz\ E'b&  8P!z\ZA_ A_< X "iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h#ij E'b&  8P!jZA_ A_< X #iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h$i E'b&  8P!ZA_aA_$iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h%iRw E'b&  8P!RwZA_aA_%iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**x&i[5 E'b&  8P!!j[5ZA_!A_&iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 810cec8a-022c-4646-9f30-cbb746f9512f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 85705dda-dbce-4e89-96bd-303df238a232 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h'i9c E'b&  8P!9cZA_!A_ @'iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h(ip E'b&  8P!pZA_!A_ @(iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h)i E'b&  8P!ZA_A_H T )iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h*iϥ E'b&  8P!ϥZA_A_H T *iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**+i E'b&  8P]!jZA_A_H +iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 73e66dbd-d22c-4cdf-a724-146c99c6107d Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-pepmlwt1.bnd.ps1 Engine Version = 4.0 Runspace ID = 579d2f3d-9487-49a0-bf21-f7f429f29803 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. { **h,ivɴ E'b&  8P!vɴZA_q!A_$ ,iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ed h**h-in״ E'b&  8P!n״ZA_q!A_$ -iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &bleh**x.iA E'b&  8P!!jAZA_0"A_$.iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f93e30a1-c152-41b3-b158-22d3004fb545 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 60f085ba-9f41-449a-8db5-80c5680195a7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h/in E'b&  8P!nZA_4"A_h /iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h0iR| E'b&  8P!R|ZA_4"A_h 0iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h1iP E'b&  8P!PZA_JA_ 1iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h2i E'b&  8P!ZA_JA_ 2iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h3iZ' E'b&  8P!Z'ZA_KA_3iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h4iF3 E'b&  8P!F3ZA_KA_4iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**x5iݝ E'b&  8P!!jݝZA_8A_L5iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b0f054a8-3a62-4027-ac2d-e33a8bc20c61 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 67cf0a66-5c9f-4437-969a-80157805b51a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. elx**h6iHV¼ E'b&  8P!HV¼ZA_9A_`( 6iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h7i4b¼ E'b&  8P!4b¼ZA_9A_`( 7iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h8i.kͼ E'b&  8P!.kͼZA_@A_d P8iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h9iwzͼ E'b&  8P!wzͼZA_@A_d P9iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h:i1гͼ E'b&  8P!1гͼZA_y"A_@ :iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h;i56ͼ E'b&  8P!56ͼZA_y"A_@ ;iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xi{^μ E'b&  8P!{^μZA_T#A_h >iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h?iWм E'b&  8P!WмZA_n#A_d< ?iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h@iм E'b&  8P!мZA_n#A_d< @iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hAiм E'b&  8P!мZA_ƛA_X AiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hBiWѼ E'b&  8P!WѼZA_ƛA_X BiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h } catch { E'b&  8P j_iѼZA_]$A_4CiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 76540cb8-063c-4b91-9686-ca6ee8f1bc08 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hh5 E'b&  8P!5ZA_(A_T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hhA E'b&  8P!AZA_(A_T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Whdows-PowerSh E'b&  8Prational &ElfChnkCiiCii kyѹ(P=f?mMF&a**Ci_iѼ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j_iѼZA_]$A_4CiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ab99a16f-f202-46d3-b2aa-251e02232745 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 140d546c-85a1-4cdb-aa77-8a91800a2f4f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ) {**DiѼ E'b&  8P9!ѼZA_A_d DiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c((-**hEi Ѽ E'b&  8P! ѼZA_A_d EiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hFixѼ E'b&  8P!xѼZA_A_p FiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hGi6Ѽ E'b&  8P!6ѼZA_A_p GiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**xHii-Ҽ E'b&  8P!!ji-ҼZA_{A_pP HiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f1d7fafb-8697-4675-ad1e-163dd7554282 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cb594595-f19f-40b5-a6ab-17ae42ab2623 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hIibIҼ E'b&  8P!bIҼZA_$A_IiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hJi$NUҼ E'b&  8P!$NUҼZA_$A_JiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hKiҼ E'b&  8P!ҼZA_%A_KiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hLi Ҽ E'b&  8P! ҼZA_%A_LiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hMi8NҼ E'b&  8P!8NҼZA_'%A_ $ MiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hNiҼ E'b&  8P!ҼZA_A_ NiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a {h**hOiҼ E'b&  8P!ҼZA_'%A_ $ OiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hPi0xҼ E'b&  8P!0xҼZA_A_ PiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hQiGs E'b&  8P!GsZA_%A_QiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hRixs E'b&  8P!xsZA_%A_RiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hSiYă E'b&  8P!YăZA_A_,SiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hTiBу E'b&  8P!BуZA_A_,TiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hUi  E'b&  8P! ZA_A_\UiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hVi, E'b&  8P!,ZA_A_\ViMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xWip E'b&  8P!!jpZA_A_\h WiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = bf364d2e-89d5-4601-b28e-b4cc6d0bbdf0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e764a10f-37c5-495f-b546-1d1a45f37c47 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hXiA E'b&  8P!AZA_&A_ XiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hYi E'b&  8P!ZA_&A_ YiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hZiM E'b&  8P!MZA_A_ ZiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h[iv  E'b&  8P!v ZA_A_ [iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h\i[& E'b&  8P![&ZA_A_\iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h]i& E'b&  8P!&ZA_A_]iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a {h**h^iae6 E'b&  8P!ae6ZA_,(A_$,^iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h_iС6 E'b&  8P!С6ZA_,(A_$,_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h`i 6 E'b&  8P! 6ZA_A_T <`iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aueh**haiY6 E'b&  8P!Y6ZA_A_T <aiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xbi{G7 E'b&  8P!!j{G7ZA_)A_T biMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 80bcd834-011d-4d19-b224-3e11887f514a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 742beb25-fc02-4787-b285-c4decd30a7e4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hcic7 E'b&  8P!c7ZA_ A_@ciMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hdiyo7 E'b&  8P!yo7ZA_ A_@diMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hei7 E'b&  8P!7ZA_)A_D eiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hfiv7 E'b&  8P!v7ZA_)A_D fiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hgirR Ҿ E'b&  8P!rR ҾZA_C*A_giMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hhi>Ҿ E'b&  8P!>ҾZA_C*A_hiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSch**hiiaپ E'b&  8P!aپZA_G*A_h iiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -h**hji.lپ E'b&  8P!.lپZA_G*A_h jiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hki'vھ E'b&  8P!'vھZA_M*A_ kiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hliaھ E'b&  8P!aھZA_M*A_ liMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hmi}"۾ E'b&  8P!}"۾ZA_ E'b&  8P!Tp>ZA_v.A_P iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hiro헿 E'b&  8P!ro헿ZA_.A_X LiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hi E'b&  8P!ZA_.A_X LiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hiҟ E'b&  8P!ҟZA_ A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hi& E'b&  8P!&ZA_ A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xi E'b&  8P!!jZA_uA_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b612f504-aab6-4aab-8708-2ee1ca273a0a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0c2eda5a-d644-4302-ac86-048b41cf00f1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Gx**hi E'b&  8P!ZA_/A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hi E'b&  8P!ZA_/A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hij) E'b&  8P!j)ZA_A_HiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hi(3 E'b&  8P!(3ZA_A_HiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hiT? E'b&  8P!T?ZA_0A_\iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hi? E'b&  8P!?ZA_0A_\iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hivJ E'b&  8P!vJZA_A_P | iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hi_ J E'b&  8P!_ JZA_A_P | iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hi J E'b&  8P! JZA_A_, iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hiJ E'b&  8P!JZA_A_, iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8 E'b&  8PosjȁKZA_~A_,iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @  8P j_iѼZA_]$A_4CiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 76540cb8-063c-4b91-9686-ca6ee8f1bc08 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hh5 E'b&  8P!5ZA_(A_T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hhA E'b&  8P!AZA_(A_T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Whdows-PowerSh E'b&  8Prational &ElfChnkiiii`˷Ba(P=f?mMF&a**iȁK E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jȁKZA_~A_,iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6e67ed8f-2724-4b65-82e8-0a3f04d29324 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d98bb4b6-cf4f-45a5-b1a8-eafdc2cf8b45 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ) {**i?K E'b&  8P9!?KZA_1A_L iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c((-**hiK E'b&  8P!KZA_1A_L iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hiՃL E'b&  8P!ՃLZA_A_p iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hiL E'b&  8P!LZA_A_p iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hi E'b&  8P!ZA_2A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hi  E'b&  8P! ZA_2A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hi E'b&  8P!ZA_ A_piMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hiA& E'b&  8P!A&ZA_ A_piMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hiY E'b&  8P!YZA_oA_hXiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hi{e E'b&  8P!{eZA_oA_hXiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hi E'b&  8P!ZA_2A_LiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hiϭ E'b&  8P!ϭZA_2A_LiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xiHA E'b&  8P!!jHAZA_A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a4e32c84-4cff-4316-82c5-61c4a7f73b31 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 72b1969c-6577-4b15-b477-2ac9e51e8dff Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**hi"a E'b&  8P!"aZA_A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hik E'b&  8P!kZA_A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hi> E'b&  8P!>ZA_%A_` iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hi*7" E'b&  8P!*7"ZA_%A_` iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hiF E'b&  8P!FZA_IA_tiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hi8U E'b&  8P!8UZA_IA_tiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xi) E'b&  8P!!j)ZA_~4A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 19d07caf-e608-42de-81ad-9f4c97cc1331 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6c8b9f0a-0b66-40d4-be86-f4f3e4b68cb1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hi. E'b&  8P!.ZA_oA_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hi> E'b&  8P!>ZA_oA_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hiA E'b&  8P!AZA_4A_0 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hio|& E'b&  8P!o|&ZA_4A_0 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xip E'b&  8P!!jpZA_~5A_0 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e30ad49f-fa2e-42e1-83aa-c6ad823745a4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bb7c92b3-5133-4013-9e03-efcc06053d0a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hi* E'b&  8P!*ZA_5A_8 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hi> E'b&  8P!>ZA_5A_8 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hi E'b&  8P!ZA_5A_hiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hi $ E'b&  8P! $ZA_5A_hiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hiA E'b&  8P!AZA_5A_diMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hi E'b&  8P!ZA_5A_diMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hi/* E'b&  8P!/*ZA_5A_X0iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hi6 E'b&  8P!6ZA_5A_X0iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hir E'b&  8P!rZA_6A_< ,iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hi E'b&  8P!ZA_6A_< ,iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hi! E'b&  8P!!ZA_6A_ 0 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hi4 E'b&  8P!4ZA_6A_ 0 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSch**hi&R E'b&  8P!&RZA_ǦA_(iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -h**hiN7] E'b&  8P!N7]ZA_ǦA_(iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xi( E'b&  8P!!j(ZA_7A_( iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0e0cf5f0-166f-4c05-a966-1539f2159cc3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1a93c205-da52-4336-88f5-9b97314e503c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hi` E'b&  8P!`ZA_7A_DiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hix  E'b&  8P!x ZA_7A_DiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hip E'b&  8P!pZA_A_@iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hiǡ E'b&  8P!ǡZA_A_@iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hiߗ E'b&  8P!ߗZA_W8A_d iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hiˣ E'b&  8P!ˣZA_W8A_d iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hiwW E'b&  8P!wWZA_w8A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hiW E'b&  8P!WZA_w8A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hiw@` E'b&  8P!w@`ZA_HA_ h iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hi a E'b&  8P! aZA_HA_ h iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hii-a E'b&  8P!i-aZA_OA_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hin7a E'b&  8P!n7aZA_OA_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xia E'b&  8P!!jaZA_s9A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 56ded9f2-173e-4fe8-a32e-dc3ed0b87cd3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c169ca0c-893a-45ef-b0d0-ca45aae0b16c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Six**hipoa E'b&  8P!poaZA_w9A_8diMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hiU[a E'b&  8P!U[aZA_w9A_8diMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hixb E'b&  8P!xbZA_A_4 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hizb E'b&  8P!zbZA_A_4 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hi* E'b&  8P!*ZA_3A_8 L iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hi E'b&  8P!ZA_3A_8 L iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hipE  E'b&  8P!pE ZA_:A_, iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hiGU  E'b&  8P!GU ZA_:A_, iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hi7  E'b&  8P!7 ZA_A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hi  E'b&  8P! ZA_A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hiLF5  E'b&  8P!LF5 ZA_:A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hi@  E'b&  8P!@ ZA_:A_ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**xi  E'b&  8P!!j ZA_;A_iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f0c655e2-d9ed-4a53-a46b-7a3456a98224 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a9a2c817-c011-4f58-a5fc-7d3f375ecf29 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hi  E'b&  8P! ZA_A_ ( iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hi  E'b&  8P! ZA_A_ ( iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hiD E'b&  8P!DZA_өA_< iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hiE  E'b&  8P!E ZA_өA_< iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hi, E'b&  8P!,ZA_٩A_4 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hi: E'b&  8P!:ZA_٩A_4 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xi E'b&  8P!!jZA_ji>j`Nח(=f?mMF&**Xi E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!ZA_#  E'b&  8P!># ZA_pA_(X iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hi E'b&  8P!ZA_pA_(X iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hiX{> E'b&  8P!X{>ZA_>A_ ,iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Meh**hiI E'b&  8P!IZA_>A_ ,iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**@iL E'b&  8P!jLZA_?A_ 0iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 973bb0cb-f737-4f13-941d-9b8ab65fc8f9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9bda276a-d962-4850-80a0-195cfbb037c4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hi E'b&  8P!ZA_?A_( iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hiA_` jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hjAFC E'b&  8P!AFCZA_>A_` jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hj" E'b&  8P!"ZA_EA_, jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hj" E'b&  8P!"ZA_EA_, jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hj*$ E'b&  8P!*$ZA_BA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hj>$ E'b&  8P!>$ZA_BA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hjԞz$ E'b&  8P!Ԟz$ZA_CA_jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h jԊ$ E'b&  8P!Ԋ$ZA_CA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**x jm% E'b&  8P!!jm%ZA_!A_h jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9c3e9603-0aee-47b7-84b1-976d2673d737 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d66486f2-b3d4-4918-bc9f-e7db02d6a914 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**h j*H% E'b&  8P!*H%ZA_UCA_ h jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h j hS% E'b&  8P! hS%ZA_UCA_ h jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h j}9* E'b&  8P!}9*ZA_~CA_TH jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hjj* E'b&  8P!j*ZA_~CA_TH jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hj,+ E'b&  8P!,+ZA_CA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hjB+ E'b&  8P!B+ZA_CA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xj{w+ E'b&  8P!!j{w+ZA_CA_,jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d2806005-d6d6-4199-8f2f-1f680eab76cb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b7b97fda-0a0f-4793-8bc4-4a0d0122c346 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hjV+ E'b&  8P!V+ZA_A_ X jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hj + E'b&  8P! +ZA_A_ X jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hj+ E'b&  8P!+ZA_$A_D jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hj(+ E'b&  8P!(+ZA_$A_D jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xj}6, E'b&  8P!!j}6,ZA_A_DjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b7f991e6-a7d3-4cbc-affe-b63c6d448c86 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 953a5492-7fd9-48d5-906a-1d43cbd9d812 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**hjR, E'b&  8P!R,ZA_CA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hjY], E'b&  8P!Y],ZA_CA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hj@, E'b&  8P!@,ZA_8DA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hj=, E'b&  8P!=,ZA_8DA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hj, E'b&  8P!,ZA_A_LdjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hj, E'b&  8P!,ZA_A_LdjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hjS, E'b&  8P!S,ZA_A_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hj, E'b&  8P!,ZA_A_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hj8 E'b&  8P!8ZA_A_jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h j E'b&  8P!ZA_A_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h!ja E'b&  8P!aZA_;A_, !jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h"j5 E'b&  8P!5ZA_;A_, "jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h#jF  E'b&  8P!F ZA_AA_t#jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h$j E'b&  8P!ZA_AA_t$jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**x%j E'b&  8P!!jZA_EA_t %jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5c790d01-259f-448b-84aa-59f8ac8984b3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 94d5eb83-76e9-442e-8d79-4ced312ed1f8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Adx**h&jq E'b&  8P!qZA_EA_4 &jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h'j\ E'b&  8P!\ZA_EA_4 'jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h(j= E'b&  8P!=ZA_0A_x 0(jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h)jI E'b&  8P!IZA_0A_x 0)jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h*jچW E'b&  8P!چWZA_A_X  *jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h+je E'b&  8P!eZA_A_X  +jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h,j  E'b&  8P! ZA_FA_,jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h-j[ E'b&  8P![ZA_FA_-jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h.j"֐ E'b&  8P!"֐ZA_A_L .jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h/jp E'b&  8P!pZA_A_L /jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**x0jvU E'b&  8P!!jvUZA_GA_L 0jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 20c53f2e-5426-43c3-90df-825517d0d3b4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 117510ff-afa7-45e3-9a66-ceb90724c760 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h1jo E'b&  8P!oZA_GA_ 1jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h2j{ E'b&  8P!{ZA_GA_ 2jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h3j E'b&  8P!ZA_A_,3jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h4j E'b&  8P!ZA_A_,4jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h5jKE4 E'b&  8P!KE4ZA_A_8 5jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h6j P4 E'b&  8P! P4ZA_A_8 6jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h7j΄'; E'b&  8P!΄';ZA_]IA_ `7jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h8jp3; E'b&  8P!p3;ZA_]IA_ `8jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h9jeK< E'b&  8P!eK<ZA_IA_ @ 9jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h:j6< E'b&  8P!6<ZA_IA_ @ :jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h;jD!!= E'b&  8P!D!!=ZA_IA_ ;jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hjC= E'b&  8P!C=ZA_{JA_d@ >jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8Prational &ElfChnk?jj?jjX~GFa(=f?mMFQ&**X?jH0= E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!H0=ZA_{JA_d@ ?jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h@jI;-? E'b&  8P!I;-?ZA_JA_8 \ @jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hAj:? E'b&  8P!:?ZA_JA_8 \ AjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hBj9_? E'b&  8P!9_?ZA_JA_l , BjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hCjkn? E'b&  8P!kn?ZA_JA_l , CjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**@Dj? E'b&  8P!j?ZA_zA_l ` DjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Qp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 63ec9f7e-32c1-4ffb-954f-a2670307ed24 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1d8e1226-e3e8-4f26-bced-08d1163ec28d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hEjm@ E'b&  8P!m@ZA_sKA_EjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**hFj@ E'b&  8P!@ZA_sKA_FjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hGj8@ E'b&  8P!8@ZA_A_GjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hHjD@ E'b&  8P!D@ZA_A_HjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**xIjs$@ E'b&  8P!!js$@ZA_KA_ IjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 38b783aa-6b9d-43ca-83f1-19250cc60b28 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = aa8388b9-cb0b-4b17-b39e-4ccbcb477cf7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. A_ wjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 856c69bc-e16c-4374-9a35-6d4f76a3ac23 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 324cb4bc-6a57-4b7d-a397-c851f225c685 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hxjX E'b&  8P!XZA_yQA_p, xjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hyjҡX E'b&  8P!ҡXZA_yQA_p, yjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hzjc Y E'b&  8P!c YZA_޼A_ zjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h{j#Y E'b&  8P!#YZA_޼A_ {jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h|jKOY E'b&  8P!KOYZA_A_|jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h}jfO\Y E'b&  8P!fO\YZA_A_}jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h~jY E'b&  8P!YZA_A_H~jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hjH}Y E'b&  8P!H}YZA_A_HjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Adh**xjXY E'b&  8P!!jXYZA_[A_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 89e5e5c2-fef5-4650-8407-338bc8473058 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5816a520-598f-4440-8121-e2fb39c79334 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 3-x**hjZ E'b&  8P!ZZA__A_4jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hjK-Z E'b&  8P!K-ZZA__A_4jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hjIZ E'b&  8P!IZZA_RRA_jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hjgVZ E'b&  8P!gVZZA_RRA_jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**xjZ E'b&  8P!!jZZA_RA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 21bf81b2-076d-426d-9b3e-3f8475aba9bd Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7bd571e9-89f9-4f0b-a062-b937578012cb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. jC= E'b&  8P!C=ZA_{JA_d@ >jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8Prational &ElfChnkjjjjd[);C(P=f?mMF&a**jz  E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jz ZA_A_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2b0805e4-18e9-41a1-bab5-47b778dcfaae Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5b0b56de-a3d6-4bd2-b60d-27bcc834c105 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**jP0  E'b&  8P9!P0 ZA_3TA_  jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hj]:?  E'b&  8P!]:? ZA_3TA_  jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hj  E'b&  8P! ZA_A_`jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hj  E'b&  8P! ZA_A_`jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hj: E'b&  8P!:ZA_A_ \ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hj>H E'b&  8P!>HZA_A_ \ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hj, E'b&  8P!,ZA_UA_|ljMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hjk: E'b&  8P!k:ZA_UA_|ljMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hjZ E'b&  8P!ZZA_A_0 jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hjZf E'b&  8P!ZfZA_A_0 jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xjܶڿ E'b&  8P!!jܶڿZA_VA_jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4474eb0a-56a5-448a-9e85-ef0f113cf51e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e34da405-0133-49e1-b082-a529bdd74a87 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d E'b&  8P!b>dZA_?XA_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hj l E'b&  8P! lZA_PA_L jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hjXl E'b&  8P!XlZA_PA_L jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hj|n E'b&  8P!|nZA_A_( jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hj'n E'b&  8P!'nZA_A_( jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hj fn E'b&  8P! fnZA_A_xjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hjrn E'b&  8P!rnZA_A_xjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**xjn E'b&  8P!!jnZA_-A_xh jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d1946070-620f-4913-b163-f460996c8034 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 05f3db39-7ae1-46c2-bcbf-1135e24ae981 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**hj??"o E'b&  8P!??"oZA_0A_l,jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a E'b&  8P!7>ZA_6\A_HjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**xj# E'b&  8P!!j#ZA_,A_HpjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7035845c-0a44-426e-95ea-13a3eba0754a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 19f167a4-6620-49f0-91bc-ca8347f4a1e2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rix**hjjC= E'b&  8P!C=ZA_{JA_d@ >jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8Prational &ElfChnkj0kj0k(CM(P=f?mMF&a**jAߓ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jAߓZA_A_(DjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 49d9b987-20e3-47cc-981d-22afb88c8263 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 574fd432-a96f-474f-8262-1904c5518be0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**j E'b&  8P9!ZA_]A_< jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hj E'b&  8P!ZA_]A_< jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hjDO E'b&  8P!DOZA_4^A_L jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hjN[ E'b&  8P!N[ZA_4^A_L jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hj'r E'b&  8P!'rZA_:^A_@ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hj%} E'b&  8P!%}ZA_:^A_@ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hj E'b&  8P!ZA_A_jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hjs E'b&  8P!sZA_A_jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hjzB E'b&  8P!zBZA_^A_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hj'B E'b&  8P!'BZA_^A_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hjE E'b&  8P!EZA_^A_D\ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hjFOE E'b&  8P!FOEZA_^A_D\ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hj'E E'b&  8P!'EZA_^A_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hj$LE E'b&  8P!$LEZA_^A_ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xjH8F E'b&  8P!!jH8FZA_h_A_jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8b1b4a62-0c54-4987-8ba0-c08f8d723f8c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 35e69e17-fd7b-4e82-b2a4-819a75956899 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hjVF E'b&  8P!VFZA_j_A_`jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hjaF E'b&  8P!aFZA_j_A_`jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hj̎F E'b&  8P!̎FZA_A_t jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hjzF E'b&  8P!zFZA_A_t jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hj Qn E'b&  8P! QnZA_`A_jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hjLz E'b&  8P!LzZA_`A_jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hjN E'b&  8P!NZA_`A_ D jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hj_\ E'b&  8P!_\ZA_`A_ D jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hjz E'b&  8P!zZA_A_l,jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hj0 E'b&  8P!0ZA_A_l,jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xj E'b&  8P!!jZA_haA_ljMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 39f8f007-9c28-4b59-82a5-7b259dc019e1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b04e2358-7d91-424c-8e28-0909d570a5de Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. k. E'b&  8P!.ZA_A_D>kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h?kk E'b&  8P!kZA_nA_ |?kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h@k5v E'b&  8P!5vZA_nA_ |@kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (h**xAkq E'b&  8P!!jqZA_A_ @AkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2c61d2eb-976c-4485-80f8-9fd9242f4a86 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8ccd7af1-6155-4700-a941-bd3b562b2bb7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 9-x**hBk E'b&  8P!ZA_oA_BkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hCk E'b&  8P!ZA_oA_CkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hDkG E'b&  8P!GZA_A_ DkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hEkW E'b&  8P!WZA_A_ EkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hFkx E'b&  8P!xZA_toA_ FkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hGk E'b&  8P!ZA_toA_ GkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**xHk E'b&  8P!!jZA_A_ HkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9bbc39c1-be5d-4f86-bf1b-85cb8cac2d35 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9caae2cc-e7ba-4775-bef4-458384e08046 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. / E'b&  8P!->/ZA_A_ JkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ff E'b&  8P!!j>fZA_A_{kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0b9a4b17-e110-4d58-b0b2-984606927188 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f51b5101-58bf-485a-9703-cd3ba1f4cb20 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!d>ZA_A_ dkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hkB> E'b&  8P!B>ZA_A_ dkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hkYK E'b&  8P!YKZA_{A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hkPK E'b&  8P!PKZA_{A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hk7̿K E'b&  8P!7̿KZA_A_pXkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hkSK E'b&  8P!SKZA_A_pXkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xkHCL E'b&  8P!!jHCLZA_|A_p kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5073fe8b-760a-4a10-b95d-8a36ee5de76c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 18949e9c-c42c-4681-b99a-4d99ee3b356d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hkê^L E'b&  8P!ê^LZA_|A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hkjL E'b&  8P!jLZA_|A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hkL E'b&  8P!LZA_OA_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hkOM E'b&  8P!OMZA_OA_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hk\ E'b&  8P!\ZA_~A_T kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hk E'b&  8P!ZA_~A_T kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk[, E'b&  8P![,ZA_A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hklz E'b&  8P!lzZA_A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk`P E'b&  8P!`PZA_F~A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hkR^ E'b&  8P!R^ZA_F~A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hkIM E'b&  8P!IMZA_G~A_, < kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Coh**hk} E'b&  8P!}ZA_G~A_, < kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aicyh**xk  E'b&  8P!!j ZA_~A_, 8kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 817f0f76-ef2b-43b5-98dc-25660a067454 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 69473a42-a6eb-46d3-ae44-3ce6561c4c09 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hk{K E'b&  8P!{KZA_5A_4kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk1pW E'b&  8P!1pWZA_5A_4kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk V E'b&  8P! VZA_~A_ lkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk74d E'b&  8P!74dZA_~A_ lkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk` E'b&  8P!`ZA_A_  kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hkm E'b&  8P!mZA_A_  kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xk E'b&  8P!!jZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 480b128d-2716-424c-b1ae-af9bd6b11fb2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 93dee8ae-f864-4b2c-865e-71c774e1f3bd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hkG?- E'b&  8P!G?-ZA_PA_< LkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hk2: E'b&  8P!2:ZA_PA_< LkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hkZY E'b&  8P!ZYZA_XA_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hkEFe E'b&  8P!EFeZA_XA_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**xk E'b&  8P!!jZA_:A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 76db25df-835a-48b8-8f53-2fa560081af2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2dfafcdf-8326-4003-b2f0-a910967b2ca7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hkZ E'b&  8P!ZZA_A_@ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hk3 E'b&  8P!3ZA_A_@ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hkڊ$ E'b&  8P!ڊ$ZA_A_(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hk]2 E'b&  8P!]2ZA_A_(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hknG E'b&  8P!nGZA_0A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hk;T E'b&  8P!;TZA_0A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hkg E'b&  8P!gZA_6A_ L kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hks E'b&  8P!sZA_6A_ L kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hka E'b&  8P!aZA_A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hk!Io E'b&  8P!!IoZA_A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hk~d E'b&  8P!~dZA_8A_|kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hkt E'b&  8P!tZA_8A_|kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk E'b&  8P!ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk E'b&  8P!ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xk E'b&  8P!!jZA_A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d6fa044b-7c1d-42a5-a34d-895aa0ce0954 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c102eea4-193a-4d8a-a12e-602e48f365c6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**hkm0 E'b&  8P!m0ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hkY< E'b&  8P!Y<ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hkB E'b&  8P!BZA_A_pDkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hk E'b&  8P!ZA_A_pDkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hk1W E'b&  8P!1WZA_A_0 L kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hkx=W E'b&  8P!x=WZA_A_0 L kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hkr4c E'b&  8P!r4cZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hk"Bc E'b&  8P!"BcZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hkac E'b&  8P!acZA_A_( kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hkBpc E'b&  8P!BpcZA_A_( kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xkLc E'b&  8P!!jLcZA_A_(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 542b176e-b807-4be5-89fc-66a49f0b35eb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d66af65a-5520-45a1-bc60-33641efc22bd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hkQd E'b&  8P!QdZA_A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hk*d E'b&  8P!*dZA_A_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hkyd E'b&  8P!ydZA_GA_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hkģd E'b&  8P!ģdZA_GA_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hk  E'b&  8P! ZA_A_ L kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hkQ  E'b&  8P!Q ZA_A_ L kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk  E'b&  8P! ZA_A_4 kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk  E'b&  8P! ZA_A_4 kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk E'b&  8P!ZA_=A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hk5  E'b&  8P!5 ZA_=A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hPSej E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @r. 8Prational &ElfChnkk%lk%lp#Z(P=f?mMF&**@ kyY E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PC!jyYZA_BA_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 054bdbbe-a083-45cc-bcf7-b8c612cc1825 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-umloimmc.lj0.ps1 Engine Version = 4.0 Runspace ID = 5242130b-b1e8-470d-b648-cf90da3e18c5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. r@ **k E'b&  8P9!ZA_uA_H kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c( **hk E'b&  8P!ZA_uA_H kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(Geh**xk+> E'b&  8P!!j+>ZA_6A_H hkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 21418fe4-9ba6-4776-9aae-8f5e5e63d456 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5a076f15-83dc-48b1-b047-d4cea2f1a66a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hkn E'b&  8P!nZA_8A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hk} E'b&  8P!}ZA_8A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hk E'b&  8P!ZA_A_ d kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hkY E'b&  8P!YZA_A_ d kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hkyj$ E'b&  8P!yj$ZA_A_, kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hk^V0 E'b&  8P!^V0ZA_A_, kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xkۜ E'b&  8P!!jۜZA_FA_, \ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c090434d-f575-4f5a-b738-94893e2f5ffc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 889d8c7c-039d-48cd-848c-603442cf6295 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 2_x**hk=$ E'b&  8P!=$ZA_HA_4tkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hk('$ E'b&  8P!('$ZA_HA_4tkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hkj. E'b&  8P!j.ZA_IA_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hkDh. E'b&  8P!Dh.ZA_IA_kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hk|,/ E'b&  8P!|,/ZA_:A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hk9/ E'b&  8P!9/ZA_:A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xk/ E'b&  8P!!j/ZA_kA_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = eda53ec8-3ea7-4ec2-95f5-8ac2787ac56a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 854116a4-78af-41a8-a0c6-94f7d19a5f68 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. t-x**hkA/ E'b&  8P!A/ZA_lA_0 kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**hk/ E'b&  8P!/ZA_lA_0 kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hkGo2 E'b&  8P!Go2ZA_A_\ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**hk~2 E'b&  8P!~2ZA_A_\ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**hk2 E'b&  8P!2ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hk)2 E'b&  8P!)2ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**xku 3 E'b&  8P!!ju 3ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 55cf3f4a-5277-4286-8d29-f09ffb47936c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 23f061e6-6759-412b-be73-1320bce24bff Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. kx**hk83 E'b&  8P!83ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & kh**hk?(G3 E'b&  8P!?(G3ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &kh**hk0c3 E'b&  8P!0c3ZA_iA_ TkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**hkYo3 E'b&  8P!Yo3ZA_iA_ TkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nPrh**xkID3 E'b&  8P!!jID3ZA_A_ hkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a05f93a7-e814-4d61-8b18-ef11d519eb8f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2f1609f3-a1d5-416a-b829-89068ae79d35 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. kx**hkuQ3 E'b&  8P!uQ3ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &kh**hk3 E'b&  8P!3ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & kh**hk1=4 E'b&  8P!1=4ZA_LJA_$ < kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & kh**hk"K4 E'b&  8P!"K4ZA_LJA_$ < kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &kh**hk&c4 E'b&  8P!&c4ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**hk Si4 E'b&  8P! Si4ZA_A_@ p kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nPrh**hk zp4 E'b&  8P! zp4ZA_A_ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &teMh**hk>u4 E'b&  8P!>u4ZA_A_@ p kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hlp E'b&  8P!pZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**hlp E'b&  8P!pZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hl\ E'b&  8P!\ZA_A_ LlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**hl- E'b&  8P!-ZA_A_ LlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**hlx E'b&  8P!xZA_A_tlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hl؍ E'b&  8P!؍ZA_A_tlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hl  E'b&  8P! ZA_A_8 dlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hl E'b&  8P!ZA_A_8 dlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xlD E'b&  8P!!jDZA_cA_8 lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8ef34aab-6525-4362-847d-ef93d7a77895 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 167e029e-e121-471b-ba4f-ae7e0e81d76a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 2_x**h l_ E'b&  8P!_ZA_)A_  lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h lk E'b&  8P!kZA_)A_  lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h lC E'b&  8P!CZA_A_<X lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**h l E'b&  8P!ZA_A_<X lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h lh E'b&  8P!hZA_VA_( x lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hl w E'b&  8P! wZA_VA_( xlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hlHJ E'b&  8P!HJZA_+A_h lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hl)Y E'b&  8P!)YZA_+A_h lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hlu E'b&  8P!uZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hlׁ E'b&  8P!ׁZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xl  E'b&  8P!!j ZA_ȊA_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3988a7ea-2d1d-4ec0-920d-0dce4b3e0fb2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fd71c15e-3178-4fdd-913a-092bac513cd8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. t-x**hl= E'b&  8P!=ZA_̊A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**hl% E'b&  8P!%ZA_̊A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hlJv E'b&  8P!JvZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**hlĶ E'b&  8P!ĶZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**hl33 E'b&  8P!33ZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hl?3 E'b&  8P!?3ZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hlz< E'b&  8P!z<ZA_A_x lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hl< E'b&  8P!<ZA_A_x lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hl0< E'b&  8P!0<ZA_A_  lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hlmk< E'b&  8P!mk<ZA_A_  lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xl<= E'b&  8P!!j<=ZA_A_  lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cda51bf3-93ee-448f-870d-d5d68fbccf9b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3ef5937b-dd02-4f81-91a5-db6e6b805a1b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. t-x**hlf= E'b&  8P!f=ZA_A_4 lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**h lvr= E'b&  8P!vr=ZA_A_4 lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h!l>@E E'b&  8P!>@EZA_LA_p`!lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**h"lJME E'b&  8P!JMEZA_LA_p`"lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**h#lRlE E'b&  8P!RlEZA_iA_#lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h$lzE E'b&  8P!zEZA_iA_$lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**x%lE E'b&  8P!!jEZA_A_ %lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = be260340-62f2-41e3-8545-d6eb1f705c9d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5d537bca-1d44-4e37-bb1e-c74f486fd935 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox-Windows-Pow E'b&  8PPrational &ElfChnk&ll&ll(Hx>6E(=f?mMF &**X&l# F E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!# FZA_A_0 &lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h'l3F E'b&  8P!3FZA_A_0 'lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h(lP8F E'b&  8P!P8FZA_A_| <(lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**h)l~CF E'b&  8P!~CFZA_A_| <)lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**@*lBF E'b&  8P!jBFZA_/A_| 4*lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dac41d47-b3f1-4b38-b51a-903dc4a17bd2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b7670598-4260-43f7-bc67-be847f2c580a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h+lF E'b&  8P!FZA_3A_ +lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Rh**h,lF E'b&  8P!FZA_3A_ ,lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h-l#G E'b&  8P!#GZA_QA_-lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h.lw1G E'b&  8P!w1GZA_QA_.lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h/lZD>G E'b&  8P!ZD>GZA_SA_l/lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h0l~HG E'b&  8P!~HGZA_A_ |0lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h1lJIG E'b&  8P!JIGZA_SA_l1lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h2l6UG E'b&  8P!6UGZA_A_ |2lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h3lcD E'b&  8P!cDZA_TA_ 43lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h4l!%R E'b&  8P!!%RZA_TA_ 44lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**h5lD E'b&  8P!DZA_A_5lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**h6l9S E'b&  8P!9SZA_A_6lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**h7lF9q E'b&  8P!F9qZA_A_T 7lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h8l' E'b&  8P!'ZA_A_T 8lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**x9l? E'b&  8P!!j?ZA_A_X 9lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 17ef6e80-3282-49ab-baa0-49f4745e8c5b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 46ac963b-49c6-4e8b-9b26-7dcc918a2c42 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h:l,}  E'b&  8P!,} ZA_A_ 0 :lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h;l)i E'b&  8P!)iZA_A_ 0 ;lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**hlޤ E'b&  8P!ޤZA_A_p>lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h?lF E'b&  8P!FZA_A_p?lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h@l  E'b&  8P! ZA_ߏA_T@lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**hAl E'b&  8P!ZA_ߏA_TAlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch** Bl& E'b&  8P !j&ZA_A_TdBlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  "p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a4f873c8-a619-4739-951b-02b1cff0e158 Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" $modules = Get-InstalledModule -ErrorAction SilentlyContinue if ($modules) { foreach ($mod in $modules) { [PSCustomObject]@{ Name = $mod.Name Version = $mod.Version.ToString() Repository = $mod.Repository Author = $mod.Author } | ConvertTo-Json -Compress Write-Output "---SEPARATOR---" } } } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = 1061a6d9-b8e6-4eb2-85c8-9a92183be6e3 Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-InstalledModule' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException ndo **hClb? E'b&  8P!b?ZA_A_XClMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hDlK E'b&  8P!KZA_A_XDlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hEl E'b&  8P!ZA_,A_ ElMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &936h**hFl)! E'b&  8P!)!ZA_,A_ FlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hGl6 E'b&  8P!6ZA_͐A_X LGlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hHlT  E'b&  8P!T ZA_͐A_X LHlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hIl$> E'b&  8P!$>ZA_ѐA_ TIlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &dreh**hJlJ E'b&  8P!JZA_ѐA_ TJlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tryh**xKl𴻫 E'b&  8P!!j𴻫ZA_YA_ |KlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8cb31a9f-073f-44e2-ae31-39de0881bd92 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e762e673-8eda-4733-975b-e07f62f64433 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. t-x**hLl΅ث E'b&  8P!΅ثZA_]A_LlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hMlP E'b&  8P!PZA_]A_MlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hNl J E'b&  8P! JZA_בA_$ NlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &dreh**hOlU.W E'b&  8P!U.WZA_בA_$ OlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tryh**hPl: E'b&  8P!:ZA_*A_ PlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andh**hQl=: E'b&  8P!=:ZA_*A_ QlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & -ah**hRloLK E'b&  8P!oLKZA_A_P RlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Engh**hSl[XK E'b&  8P![XKZA_A_P SlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hTl#5T E'b&  8P!#5TZA_A_ @TlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hUlAT E'b&  8P!ATZA_A_ @UlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hVl(~T E'b&  8P!(~TZA_A_VlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hWlT E'b&  8P!TZA_A_WlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xXlŚ U E'b&  8P!!jŚ UZA_A_XlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1ee1fabc-2ce5-4607-9dae-7441b990d212 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 52dc083b-d383-43b5-9ac0-ea2b61dc0b09 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. dox**hYlt5U E'b&  8P!t5UZA_A_\ YlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hZlx?U E'b&  8P!x?UZA_A_\ ZlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**h[l ] E'b&  8P! ]ZA_JA_`D[lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &789h**h\lG] E'b&  8P!G]ZA_JA_`D\lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h]lԡ^ E'b&  8P!ԡ^ZA_KA_ ]lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h^lR^ E'b&  8P!R^ZA_KA_ ^lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**h_l^^ E'b&  8P!^^ZA_ A_4 _lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &dreh**h`lyk^ E'b&  8P!yk^ZA_ A_4 `lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tryh**hal^ E'b&  8P!^ZA_A_D alMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andh**hblS^ E'b&  8P!S^ZA_A_D blMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & -ah**xclt_ E'b&  8P!!jt_ZA_SA_D clMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 501373aa-4e14-4e8b-bf8d-c55cd7d49fba Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = dddbf432-9f9f-424f-a1de-50ed947dcb4e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. dox**hdlQ%_ E'b&  8P!Q%_ZA_9A_dlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hel1_ E'b&  8P!1_ZA_9A_elMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hfl N_ E'b&  8P! N_ZA_XA_d flMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &0fbh**hgl@Z_ E'b&  8P!@Z_ZA_XA_d glMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**xhl;b_ E'b&  8P!!j;b_ZA_A_LhlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9ea10344-63dc-46d8-a8ae-a05b06d2657e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9f975b7c-4785-40e2-b5bb-5a3bfdb76d8c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. dox**hilg_ E'b&  8P!g_ZA_ߔA_ ilMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hjl_ E'b&  8P!_ZA_ߔA_ jlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hkl{.` E'b&  8P!{.`ZA_A_<klMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hll@8<` E'b&  8P!@8<`ZA_A_<llMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hmlPR` E'b&  8P!PR`ZA_A_@mlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hnlY` E'b&  8P!Y`ZA_A_,nlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hol*`` E'b&  8P!*``ZA_A_@olMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hpl|d` E'b&  8P!|d`ZA_A_,plMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hqlT* E'b&  8P!T*ZA_LA_8 qlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &cf9h**hrlv E'b&  8P!vZA_LA_8 rlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hslce E'b&  8P!ceZA_rA_ slMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**htlt E'b&  8P!tZA_rA_ tlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hul  E'b&  8P! ZA_xA_X@ulMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &dreh**hvly E'b&  8P!yZA_xA_X@vlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tryh**xwl E'b&  8P!!jZA_ٖA_XD wlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ccf6e072-339f-4d9d-aa57-3a9c7a9316a3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d1c3dafd-40b2-4f43-9c16-bb857ebcec71 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. dox**hxl/F/ E'b&  8P!/F/ZA_CA_L XxlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &5c9h**hylO: E'b&  8P!O:ZA_CA_L XylMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hzl* E'b&  8P!*ZA_!A_t zlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h{l E'b&  8P!ZA_!A_t {lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**h|lF E'b&  8P!FZA_A_ |lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &dreh**h}l- E'b&  8P!-ZA_A_ }lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tryh**h~l;d5 E'b&  8P!;d5ZA_A_ ~lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andh**hlD E'b&  8P!DZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & -ah**hl!b E'b&  8P!!bZA_A_<lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Engh**hlwo E'b&  8P!woZA_A_<lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h Command  E'b&  8P j_ZA_:A_D lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @&  8PPrational &ElfChnkllllxN3 (P=f?mMF&a**l_ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j_ZA_:A_D lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 32359ee1-b4cd-4e9a-a7a0-3ee63b04158a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 95a652c9-5f06-4703-aca9-0c12bb3b6de3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ati**lZ E'b&  8P9!ZZA_QA_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(t **hl E'b&  8P!ZA_QA_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hlv E'b&  8P!vZA_jA_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hl  E'b&  8P! ZA_jA_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hl06VS E'b&  8P!06VSZA_A_ $ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Rh**hl!bS E'b&  8P!!bSZA_A_ $ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hlr8d E'b&  8P!r8dZA_(A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hl^Kd E'b&  8P!^KdZA_(A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hlwG#m E'b&  8P!wG#mZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hl3m E'b&  8P!3mZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hlqm E'b&  8P!qmZA_1A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hl}m E'b&  8P!}mZA_1A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xllkn E'b&  8P!!jlknZA_A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7020cf30-11b3-406b-9155-2b01b41be3b4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d6f8b748-e34a-4886-a8c7-1acc8f85968a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hl3|׎ E'b&  8P!>׎ZA_.A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xl/"A E'b&  8P!!j/"AZA_A_ `lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f46d73a7-e5b8-4033-83be-531880a64d4b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d7045ea8-0a50-4854-9e38-b7b166fb6c84 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Six**hlj E'b&  8P!jZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hlAu E'b&  8P!AuZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hlUV E'b&  8P!UVZA_A_( <lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hl& E'b&  8P!&ZA_A_( <lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hl<Ж E'b&  8P!<ЖZA_A_`lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hlݘܖ E'b&  8P!ݘܖZA_A_`lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**xl M E'b&  8P!!j MZA_۝A_`LlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e17cd82d-f973-4ef7-aa12-44c7970f1716 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4f1b2b0e-8dd1-436e-8f50-0e0709e1a33b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**hlp E'b&  8P!pZA_A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hl2r| E'b&  8P!2r|ZA_A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hlG E'b&  8P!GZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acath**hlW E'b&  8P!WZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**xlwI  E'b&  8P!!jwI ZA_ОA_ dlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 11b1dbbb-e9d7-48ef-b842-7244fc73118b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 75c9c1fb-dae6-471a-bc93-73a2be2afdb8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**hlǶ) E'b&  8P!Ƕ)ZA_ҞA_,`lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hl5 E'b&  8P!5ZA_ҞA_,`lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hls E'b&  8P!sZA_A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acath**hl)! E'b&  8P!)!ZA_A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**hlY> E'b&  8P!Y>ZA_A_`lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hl} E'b&  8P!}ZA_A_`lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hlۧ E'b&  8P!ۧZA_A_ L lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hl} E'b&  8P!}ZA_A_ L lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hlc) E'b&  8P!c)ZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hlv) E'b&  8P!v)ZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hlI E'b&  8P!IZA_A_L lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hldƼI E'b&  8P!dƼIZA_A_L lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hlI E'b&  8P!IZA_pA_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hlKI E'b&  8P!KIZA_pA_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xlsJ E'b&  8P!!jsJZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 819c1dc4-4c66-4c39-a45f-c12024764cb7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 74a2a1da-ea69-4682-bb41-1f7b8a7a1eee Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**hl潏J E'b&  8P!潏JZA_A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hl J E'b&  8P! JZA_A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hl2K E'b&  8P!2KZA_A_< lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acath**hlK E'b&  8P!KZA_A_< lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**hlƸ E'b&  8P!ƸZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hl)i E'b&  8P!)iZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hlz E'b&  8P!zZA_A_ XlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hlk E'b&  8P!kZA_A_ XlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hl3 E'b&  8P!3ZA_A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hlDz E'b&  8P!DzZA_A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**xl,< E'b&  8P!!j,<ZA_¢A_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ad553f8a-0f3d-45b0-a88e-3a42b96f5b5c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b7ae94da-39c1-42a1-b265-6b7daee79425 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**hl{X E'b&  8P!{XZA_&A_h lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hlf E'b&  8P!fZA_&A_h lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah @ E'b&  8Prational &ElfChnkl$ml$mx9ZA$F(=f?mMFY&**Xl? E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!?ZA_nA_  lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hl+ E'b&  8P!+ZA_nA_  lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hlڬ E'b&  8P!ڬZA_A_ PlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hlQ E'b&  8P!QZA_A_ PlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hl%Џ E'b&  8P!%ЏZA_%A_8 4lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hl1E E'b&  8P!1EZA_%A_8 4lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hl E'b&  8P!ZA_,A_D` lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hl E'b&  8P!ZA_,A_D` lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**hl5 E'b&  8P!5ZA_A_ |lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**hlNB E'b&  8P!NBZA_A_ |lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**@lsH؝ E'b&  8P!jsH؝ZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Yp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = db39d4a7-d915-4125-ada3-5ecd794db39f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cbd4cb7a-e96f-468e-b835-dddb966fd964 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hl E'b&  8P!ZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hl^ E'b&  8P!^ZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hlό* E'b&  8P!ό*ZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hl7 E'b&  8P!7ZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hlc%_ E'b&  8P!c%_ZA_A_<lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hlgn E'b&  8P!gnZA_A_<lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**xl`ۡ E'b&  8P!!j`ۡZA_*A_L lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5f95d70a-b6cc-42bb-ac5f-a72f32da3318 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0b74bfc1-264e-4d69-bdb6-2525341e32ee Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hlY E'b&  8P!YZA_A_ @ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hlh E'b&  8P!hZA_A_ @ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**hlb/ E'b&  8P!b/ZA_4A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hl= E'b&  8P!=ZA_4A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xlTף E'b&  8P!!jTףZA_ѥA_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 48c9a322-7a70-49b3-a208-c7b11acc348f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 83b0585f-597c-4d64-bc08-db39b2fedf50 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hl9 E'b&  8P!9ZA_եA_d<lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hl{̢ E'b&  8P!{̢ZA_եA_d<lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hlk E'b&  8P!kZA_hA_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hlK E'b&  8P!KZA_hA_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hl) E'b&  8P!)ZA_'A_plMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hl7 E'b&  8P!7ZA_'A_plMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hl C E'b&  8P! CZA_,A_l @lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hl^O E'b&  8P!^OZA_,A_l @lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hlA[B E'b&  8P!A[BZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hlVjB E'b&  8P!VjBZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hl9T E'b&  8P!9TZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hlFT E'b&  8P!FTZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hlUeT E'b&  8P!UeTZA_A_| LlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hlsT E'b&  8P!sTZA_A_| LlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**xlST E'b&  8P!!jSTZA_A_| 4lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 51d51f57-283e-43fe-b733-e0677404b0d0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 27c9b6d8-62fe-40e8-9723-2c94ae7606e8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hlpU E'b&  8P!pUZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hlt&U E'b&  8P!t&UZA_A_ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hlBU E'b&  8P!BUZA_QA_h @ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hlmVU E'b&  8P!mVUZA_QA_h @ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hlk}+ E'b&  8P!k}+ZA_A_dlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hl-8 E'b&  8P!-8ZA_A_dlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hl  E'b&  8P! ZA_ĩA_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hlT! E'b&  8P!T!ZA_ĩA_lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hl5 E'b&  8P!5ZA_ȩA_plMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hli B E'b&  8P!i BZA_ȩA_plMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**xl̈́ E'b&  8P!!j̈́ZA_A_llMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e5dc1d68-7214-4b1c-984a-17a26f6455fe Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d1c63637-a93f-4ad1-9778-3c5cb325e061 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hlt$ E'b&  8P!t$ZA_/A_ hlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hmA E'b&  8P!AZA_/A_ hmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hmd E'b&  8P!dZA_A_  mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hm p E'b&  8P! pZA_A_  mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hmG E'b&  8P!GZA_A_L| mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hm-$  E'b&  8P!-$ ZA_A_L| mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**hm E'b&  8P!ZA_#A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a33h**hmI E'b&  8P!IZA_#A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**hmGB E'b&  8P!GBZA_XA_  mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hm/. E'b&  8P!/.ZA_XA_  mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h me E'b&  8P!eZA_A_ x mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h m*, E'b&  8P!*,ZA_A_ x mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x mD]} E'b&  8P!!jD]}ZA_A_  mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a44906a9-d2ac-48c7-9183-60c78e0f6d68 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9c6edad8-7cfa-493e-90e7-3346a125d744 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. OUx**h m] E'b&  8P!]ZA_A_  mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h m" E'b&  8P!"ZA_A_  mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hmzAa E'b&  8P!zAaZA_,A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hm4Ko E'b&  8P!4KoZA_,A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hm= E'b&  8P!=ZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hmy E'b&  8P!yZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hmM E'b&  8P!MZA_dA_$ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hm\ E'b&  8P!\ZA_dA_$ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**mJs E'b&  8P]!jJsZA_kA_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 71b8e5df-fa12-46c2-a881-9aed724f5f19 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-rglzfxch.roc.ps1 Engine Version = 4.0 Runspace ID = 854095e1-629f-4e59-9125-027cc830a621 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8**hm} E'b&  8P!}ZA_sA_, dmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hmKi E'b&  8P!KiZA_sA_, dmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xm E'b&  8P!!jZA_A_, mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e23d21a1-9d97-4c89-90a6-624e6aaac93d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = edd4ae46-a6c7-4240-9f6c-284d3a271317 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hm9' E'b&  8P!9'ZA_A_4mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hm}(6 E'b&  8P!}(6ZA_A_4mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hm u E'b&  8P! uZA_.A_< 0 mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hm E'b&  8P!ZA_.A_< 0 mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hm E'b&  8P!ZA_A_H mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hmyۥ E'b&  8P!yۥZA_A_H mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xm`  E'b&  8P!!j` ZA_IA_H 0mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c6a5741d-0128-477d-a0f9-3a5bef33fb28 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4c4b4d5b-5609-433a-9990-7b70ac51f46e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. drx**hmӸ E'b&  8P!ӸZA_׮A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h m! E'b&  8P!!ZA_׮A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h!mn E'b&  8P!nZA_ۮA_l  !mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h"m:z E'b&  8P!:zZA_ۮA_l  "mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h#mh  E'b&  8P!h ZA_PA_|8#mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h$m= E'b&  8P!=ZA_PA_|8$mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hPrational &ElfChnk%mtm%mtm`LQS:;(P=f?mMF&a**%m, E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j,ZA_yA_|%mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 40227313-4ad9-41b6-98f2-9439f08bceae Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c8e2109d-2dfc-498d-bf72-d1e2442bbdda Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ID **&myU E'b&  8P9!yUZA_A_ &mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(f **h'm` E'b&  8P!`ZA_A_ 'mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**h(mܽ E'b&  8P!ܽZA_A_ (mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**h)m E'b&  8P!ZA_A_ )mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h*mO[ E'b&  8P!O[ZA_A_,*mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h+mz E'b&  8P!zZA_A_,+mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**x,md E'b&  8P!!jdZA_A_0 ,mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c0a2cc92-6a3e-487a-950c-e4bcde6d8e02 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d8a925a1-1970-4451-9287-c2ea10f7dd7f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. b-x**h-m E'b&  8P!ZA_A_X -mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h.m E'b&  8P!ZA_A_X .mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h/m' E'b&  8P!'ZA_A_` `/mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h0m; E'b&  8P!;ZA_A_` `0mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**x1m;$ E'b&  8P!!j;$ZA_cA_` 1mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6d88ed62-2b8f-4a59-9186-fd3d5690ea55 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 98c0c365-6c8b-4870-a91b-20e6ae17a4da Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 3-x**h2mT~@ E'b&  8P!T~@ZA_gA_D2mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h3mEjL E'b&  8P!EjLZA_gA_D3mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h4ms E'b&  8P!sZA_ŰA_T4mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h5m{| E'b&  8P!{|ZA_ŰA_T5mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h6m E'b&  8P!ZA_˰A_ 6mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h7m": E'b&  8P!":ZA_A_ |7mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h8m E'b&  8P!ZA_A_ |8mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h9m! E'b&  8P!!ZA_˰A_ 9mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h:mU~ E'b&  8P!U~ZA_A_0 :mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h;m\̜~ E'b&  8P!\̜~ZA_A_0 ;mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -h**hmw E'b&  8P!wZA_A_ >mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h?m" E'b&  8P!"ZA_A_ ?mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x@m E'b&  8P!!jZA_A_ @mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e4924a20-82a2-400f-bd22-dc9a8cef161f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 43229431-4e64-4b18-827d-1267d6d9a910 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. e-x**hAm E'b&  8P!ZA_A_t,AmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hBm E'b&  8P!ZA_A_t,BmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hCm5/ E'b&  8P!5/ZA_A_CmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hDmNJ: E'b&  8P!NJ:ZA_A_DmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hEm^1 E'b&  8P!^1ZA_ԲA_  EmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hFmk1 E'b&  8P!k1ZA_ԲA_  FmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hGmSC E'b&  8P!SCZA_AA_0GmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hHm١C E'b&  8P!١CZA_AA_0HmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hImC E'b&  8P!CZA_bA_< ImMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hJmRC E'b&  8P!RCZA_bA_< JmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xKmGD E'b&  8P!!jGDZA_A_< KmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c4ab0c33-b5fc-4fe8-8438-2281d1085a31 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ae628f33-bd41-481e-bd21-1b8d15940cf3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. c-x**hLmժcD E'b&  8P!ժcDZA_A_@LmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hMmaoD E'b&  8P!aoDZA_A_@MmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hNmDyD E'b&  8P!DyDZA_A_, NmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hOmeD E'b&  8P!eDZA_A_, OmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hPmO E'b&  8P!OZA_A_T PmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hQm ^ E'b&  8P! ^ZA_A_T QmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hRms. E'b&  8P!s.ZA_A_ RmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hSm!R= E'b&  8P!!R=ZA_A_ SmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hTm E'b&  8P!ZA_ A_ TmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hUmU E'b&  8P!UZA_ A_ UmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ainh**hVmC  E'b&  8P!C ZA_ A_ VmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**hWmp E'b&  8P!pZA_ A_ WmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**xXm^ E'b&  8P!!j^ZA_q A_< XmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c3f418d7-5a3c-4def-b0bc-657d3436d4a0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 206d035f-5e4b-4135-96a8-31d036c9923f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 7-x**hYm E'b&  8P!ZA_r A_XYmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hZmJ E'b&  8P!JZA_r A_XZmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h[m* E'b&  8P!*ZA_еA_ T [mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h\mN E'b&  8P!NZA_еA_ T \mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h]m E'b&  8P!ZA_ A_l 0 ]mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h^m E'b&  8P!ZA_ A_l 0 ^mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**x_mPk E'b&  8P!!jPkZA_A_l 8_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = af4a6adb-a461-46b4-a784-8673ac886bcb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b49ba07c-71aa-42c5-a74b-d6f0b881a2b7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. m E'b&  8P!!jk>mZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a9f8f924-8c43-4578-a7b1-6314373162f0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 45a77e34-ebe0-4ab5-8efa-8e537074a221 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hmټZm E'b&  8P!ټZmZA_A_TmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hmmhm E'b&  8P!mhmZA_A_TmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hmXm E'b&  8P!XmZA_A_ @ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hmm E'b&  8P!mZA_A_ @ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hm  E'b&  8P! ZA_rA_ $mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hm  E'b&  8P! ZA_rA_ $mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hmHv E'b&  8P!HvZA_sA_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hmb E'b&  8P!bZA_sA_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hmL+ E'b&  8P!L+ZA_A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hm~8 E'b&  8P!~8ZA_A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hmZ{ E'b&  8P!Z{ZA_A_h mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hm4 E'b&  8P!4ZA_A_h mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xm E'b&  8P!!jZA_WA_h mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cf8415f2-9f01-4b71-9007-30a003ee261e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8a676605-ed6e-4ca9-a8ae-79664262cfa2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hmn2 E'b&  8P!n2ZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hm? E'b&  8P!?ZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hm| E'b&  8P!|ZA_A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hmD E'b&  8P!DZA_A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hm'2% E'b&  8P!'2%ZA_A_L mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hmM4 E'b&  8P!M4ZA_A_L mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &quehe Number = 1 E'b&  8P SjDZA_A_L mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P! ZA_A_@ tmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah&8hPrational &ElfChnkmnmn KoǮLY(P=f?mMF&a**mD E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jDZA_A_L mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f88db43e-48ff-49d2-bc4c-573c0ba65682 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1fd9e6af-b9d0-4831-b535-183e5bda98c6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ac **my E'b&  8P9!yZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(d **hm"! E'b&  8P!"!ZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hmS E'b&  8P!SZA_A_DmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hms E'b&  8P!sZA_A_DmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**xm5l E'b&  8P!!j5lZA_A_D mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5c69db57-6f42-4024-b66d-5f87c4a933e3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d57ed104-a496-4441-bef9-fe72799ad3a5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!_Q>ZA_ A_.nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h/n=J E'b&  8P!=JZA_ A_/nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h0n!= E'b&  8P!!=ZA_ A_ X0nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h1no= E'b&  8P!o=ZA_ A_ X1nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h2ncVE E'b&  8P!cVEZA_ A_2nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h3nF E'b&  8P!FZA_ A_3nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h4nF E'b&  8P!FZA_!A_\ 4nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h5nF E'b&  8P!FZA_!A_\ 5nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h6n0G E'b&  8P!0GZA_!A_L 6nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h7nI=G E'b&  8P!I=GZA_!A_L 7nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x8nG E'b&  8P!!jGZA_!A_Ld 8nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1490b204-3564-48b5-a462-29e2f28f197b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 66b92522-d58f-4e32-b88b-27a72ae4ffa0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**h9nG E'b&  8P!GZA_A_ 9nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h:nLH E'b&  8P!LHZA_A_ :nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h;n&K E'b&  8P!&KZA_!A_lT ;nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hnSK E'b&  8P!SKZA_!A_ >nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x?nK E'b&  8P!!jKZA_~A_?nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4acdbf5e-fa97-4aca-8275-85356485ef42 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 115c0e79-a177-4bbd-b919-6663f7cdfae6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**h@n,K E'b&  8P!,KZA_m"A_< @nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hAnlK E'b&  8P!lKZA_m"A_< AnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hBn% L E'b&  8P!% LZA_r"A_lBnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hCn:mL E'b&  8P!:mLZA_r"A_lCnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**xDnEl{L E'b&  8P!!jEl{LZA_A_lDnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7e97d0f0-3f7f-4a10-9c92-9d348354e324 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4bd44382-449f-403e-89a5-1e52a22f7de1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hEn^L E'b&  8P!^LZA_"A_D EnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hFn ML E'b&  8P! MLZA_"A_D FnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hGnL E'b&  8P!LZA_*A_, GnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hHnBQL E'b&  8P!BQLZA_*A_, HnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hIn M E'b&  8P! MZA_-A_l 8 InMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hJn>M E'b&  8P!>MZA_.A_ JnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hKnM E'b&  8P!MZA_-A_l 8 KnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hLncM E'b&  8P!cMZA_.A_ LnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hMn[3 E'b&  8P![3ZA_A_ 0MnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hNn E'b&  8P!ZA_A_ 0NnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hOnB E'b&  8P!BZA_1A_ OnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hPn6- E'b&  8P!6-ZA_1A_ PnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ainh**hQnJ E'b&  8P!JZA_7A_ QnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**hRn:Y E'b&  8P!:YZA_7A_ RnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**xSnp E'b&  8P!!jpZA_A_L SnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 58f81556-becf-4c0e-a332-a4266b523304 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a1d20efe-9811-4b30-90d6-1ae36433eef2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**hTn| E'b&  8P!|ZA_A_TnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hUn6 E'b&  8P!6ZA_A_UnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hVnXX E'b&  8P!XXZA_$A_ VnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hWnvDd E'b&  8P!vDdZA_$A_ WnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hXn[A E'b&  8P![AZA_$%A_DXnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hYn E'b&  8P!ZA_$%A_DYnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hZn: E'b&  8P!:ZA_iA_ ZnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h[nu E'b&  8P!uZA_iA_ [nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h\ns E'b&  8P!sZA_z%A_0\nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h]n) E'b&  8P!)ZA_z%A_0]nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x^n E'b&  8P!!jZA_A_L ^nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 05b86fd0-55d5-46cd-b735-cee3910dcbfc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d7a9c4b9-9fa9-4518-a320-8161861d1ea0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**h_n" E'b&  8P!"ZA_A_l8_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h`nƱ E'b&  8P!ƱZA_A_l8`nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**han4 E'b&  8P!4ZA_&A_DanMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hbn4B E'b&  8P!4BZA_&A_DbnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hcn$W E'b&  8P!$WZA_&A_X L cnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hdn2W E'b&  8P!2WZA_&A_X L dnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**henWe^ E'b&  8P!We^ZA_&A_x enMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hfns^ E'b&  8P!s^ZA_&A_x fnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hgnj_ E'b&  8P!j_ZA_C'A_dgnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hhn6y_ E'b&  8P!6y_ZA_C'A_dhnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hin=_ E'b&  8P!=_ZA_A_inMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hjn]_ E'b&  8P!]_ZA_A_jnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**xkn^C` E'b&  8P!!j^C`ZA_'A_ knMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 311c1304-dd95-40f8-ad21-2adf57afc658 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f0a817a7-db87-4423-bf3c-d1917da57b27 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**hln2n` E'b&  8P!2n`ZA_'A_L lnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hmnhz` E'b&  8P!hz`ZA_'A_L mnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hnnc E'b&  8P!cZA_'A_l TnnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**honqxc E'b&  8P!qxcZA_'A_l TonMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hpn-c E'b&  8P!-cZA_'A_4pnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hqnc E'b&  8P!cZA_'A_4qnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Schpt Name =  E'b&  8Pumjs3]dZA_(A_rnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hmn2 E'b&  8P!n2ZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hm? E'b&  8P!?ZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hm| E'b&  8P!|ZA_A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hmD E'b&  8P!DZA_A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hm'2% E'b&  8P!'2%ZA_A_L mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hmM4 E'b&  8P!M4ZA_A_L mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &quehe Number = 1 E'b&  8P SjDZA_A_L mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P! ZA_A_@ tmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah&8hPrational &ElfChnkrnnrnn l%F7(P=f?mMF&a**rns3]d E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!js3]dZA_(A_rnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 786f3a96-3641-4d30-9506-d4ce08ddb942 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 505b46d9-073a-491b-bf9a-9d16710485b0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ac **snX&wd E'b&  8P9!X&wdZA_+A_ snMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(d **htntd E'b&  8P!tdZA_+A_ tnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hunId E'b&  8P!IdZA_ZA_ unMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hvnd E'b&  8P!dZA_ZA_ vnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hwnՃi E'b&  8P!ՃiZA_p)A_ wnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hxnީi E'b&  8P!ީiZA_p)A_ xnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hyni E'b&  8P!iZA_t)A_DynMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hzni E'b&  8P!iZA_t)A_DznMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x{nn0j E'b&  8P!!jn0jZA_)A_{nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f34bda2b-d642-47a4-8063-e5e7246a3bf4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 057382ac-b06f-4e37-ada2-7e16e72a4063 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h|nRj E'b&  8P!RjZA_)A_ |nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h}ns`j E'b&  8P!s`jZA_)A_ }nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a# E'b&  8P!>#ZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hnÝ E'b&  8P!ÝZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hn E'b&  8P!ZA_+A_ X nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hn  E'b&  8P! ZA_+A_ X nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**xn_A E'b&  8P!!j_AZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2dbe55f1-91ec-439a-861f-5943ca5d457d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 948e012d-6fa1-46b4-9955-6ef5f78ca5b6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hn_ E'b&  8P!_ZA_A_\ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hnZm E'b&  8P!ZmZA_A_\ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeIh**hn#6 E'b&  8P!#6ZA_,A_(nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hn! E'b&  8P!!ZA_,A_(nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hnY E'b&  8P!YZA_-A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hnFH E'b&  8P!FHZA_-A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hn_ E'b&  8P!_ZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hnm E'b&  8P!mZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hn(  E'b&  8P!( ZA_U-A_ `nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hnn E'b&  8P!nZA_U-A_ `nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xnxq E'b&  8P!!jxqZA_WA_ 4 nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8854d97c-1eb4-4899-9dd6-1e3478a15801 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 196735c6-4cdf-4cf2-ba66-b2ed99462f27 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hn. ( E'b&  8P!. (ZA_XA_LnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hn'3 E'b&  8P!'3ZA_XA_LnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hn^ E'b&  8P!^ZA_9.A_, hnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hn E'b&  8P!ZA_9.A_, hnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hnko E'b&  8P!koZA_A_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hno E'b&  8P!oZA_A_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hnpvdw E'b&  8P!pvdwZA_u.A_L nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hnȽpw E'b&  8P!ȽpwZA_u.A_L nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ainh**hnMLx E'b&  8P!MLxZA_A_xnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**hnx E'b&  8P!xZA_A_xnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**hnQx E'b&  8P!QxZA_.A_X t nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hn`x E'b&  8P!`xZA_.A_X t nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xncy E'b&  8P!!jcyZA_5/A_X nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0a30b155-10ac-4159-9a5a-346b14bbef3d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d8d7b3c7-75be-401c-81e3-e50d38a7dea2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**hn y E'b&  8P! yZA_7/A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hnWy E'b&  8P!WyZA_7/A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hnY| E'b&  8P!Y|ZA_>/A_ , nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hn8u| E'b&  8P!8u|ZA_>/A_ , nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hn߉| E'b&  8P!߉|ZA_A_H nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hnM-| E'b&  8P!M-|ZA_A_H nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xnp} E'b&  8P!!jp}ZA_/A_H nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = feb00bf0-d890-4738-88f6-9a2a78855e52 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = efc59b1b-fd5f-4ce1-b817-02fc16366fcc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hn/} E'b&  8P!/}ZA_/A_T nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hn~} E'b&  8P!~}ZA_/A_T nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeIh**hnm} E'b&  8P!m}ZA_/A_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hnY} E'b&  8P!Y}ZA_/A_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**xn 5~ E'b&  8P!!j 5~ZA_/A_HnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 92252517-e286-4f5d-a4cd-fa64031345df Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b7c9b740-d311-4b4e-80a8-57f884579201 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8-x**hnJS~ E'b&  8P!JS~ZA_EA_< nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hnk6_~ E'b&  8P!k6_~ZA_EA_< nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hn3~ E'b&  8P!3~ZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hnM~ E'b&  8P!M~ZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hnb~ E'b&  8P!b~ZA_)0A_l nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hn=~ E'b&  8P!=~ZA_)0A_l nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hn~ E'b&  8P!~ZA_/0A_ ( nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hn~ E'b&  8P!~ZA_/0A_ ( nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hn E'b&  8P!ZA_A_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hn E'b&  8P!ZA_A_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeIh**hn8) E'b&  8P!8)ZA_0A_ 0 nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hn@=) E'b&  8P!@=)ZA_0A_ 0 nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hnn/ E'b&  8P!n/ZA_A_dLnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hnļ/ E'b&  8P!ļ/ZA_A_dLnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hnn/ E'b&  8P!n/ZA_ 1A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hn0 E'b&  8P!0ZA_ 1A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Schpt Name =  E'b&  8Pumj|0ZA_=A_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hmn2 E'b&  8P!n2ZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hm? E'b&  8P!?ZA_A_ mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hm| E'b&  8P!|ZA_A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hmD E'b&  8P!DZA_A_mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hm'2% E'b&  8P!'2%ZA_A_L mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hmM4 E'b&  8P!M4ZA_A_L mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &quehe Number = 1 E'b&  8P SjDZA_A_L mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P! ZA_A_@ tmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah&8hPrational &ElfChnknono|M^/h(P=f?mMF&a**n|0 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j|0ZA_=A_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fec1230a-6797-4dd4-a5d6-b529f05860f0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = abc18694-45e1-4f47-b824-3e3d053eaf0d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ac **nYF0 E'b&  8P9!YF0ZA_>A_dnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(d **hn0 E'b&  8P!0ZA_>A_dnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hn 1 E'b&  8P! 1ZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hn1 E'b&  8P!1ZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hnx E'b&  8P!xZA_G2A_LH nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hnZ E'b&  8P!ZZA_G2A_LH nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hna, E'b&  8P!a,ZA_2A_ ` nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hnuҬ E'b&  8P!uҬZA_2A_ ` nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hn< E'b&  8P!<ZA_2A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hn E'b&  8P!ZA_2A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xnp` E'b&  8P!!jp`ZA_Z3A_\ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 77331930-2a04-4ef3-870c-80af708b9e93 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 47c48a70-1e25-40aa-83ef-c54b223a1465 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. H E'b&  8P!>HZA_6A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hng E'b&  8P!gZA_6A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hnp E'b&  8P!pZA_6A_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hn E'b&  8P!ZA_6A_nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hnO E'b&  8P!OZA_6A_@ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hn1  E'b&  8P!1 ZA_6A_@ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hnaʙ E'b&  8P!aʙZA_uA_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hnٙ E'b&  8P!ٙZA_uA_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xnU E'b&  8P!!jUZA_cA_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b92deb9f-95e4-463e-90c4-c578a426496f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7fa285e3-faa8-4343-8de8-79b8368dc5be Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hn}| E'b&  8P!}|ZA_E7A_LnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hni E'b&  8P!iZA_E7A_LnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hnҨ E'b&  8P!ҨZA_Q7A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hn E'b&  8P!ZA_Q7A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xnnR E'b&  8P!!jnRZA_7A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9387efdb-d81d-4410-b9e9-36ad9ba0df9d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 29aafede-29ff-4de8-a92b-96c49b4cbd1c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hn 9 E'b&  8P! 9ZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hn6E E'b&  8P!6EZA_A_ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hnQm E'b&  8P!QmZA_A_t nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hn>{ E'b&  8P!>{ZA_A_t nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hn  E'b&  8P! ZA_18A_4d nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hn{ E'b&  8P!{ZA_18A_4d nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-nh**hn E'b&  8P!ZA_68A_L nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hnp E'b&  8P!pZA_68A_L nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hn8B E'b&  8P!8BZA_u8A_\ \ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hn!%B E'b&  8P!!%BZA_u8A_\ \ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hn>L E'b&  8P!>LZA_A_h 7oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h8oFe E'b&  8P!FeZA_;>A_h 8oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**x9oވe E'b&  8P!!jވeZA_A_hL 9oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 066cc6e9-95a2-41e8-8423-6595fdc223f4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f295ec34-1d1a-4f08-a781-36849110db7a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h:os٤e E'b&  8P!s٤eZA_>A_, :oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h;oe E'b&  8P!eZA_>A_, ;oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeIh**hoGY  E'b&  8P!GY ZA_A_l>oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h?og  E'b&  8P!g ZA_A_l?oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h@o E'b&  8P!ZA_?A_l @oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hAo E'b&  8P!ZA_?A_l AoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hBoQ E'b&  8P!QZA_+A_, 0BoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hCoqr E'b&  8P!qrZA_+A_, 0CoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xDo`R E'b&  8P!!j`RZA_A_, DoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7ef939bf-3f42-4d0c-84f2-85bfabbfe817 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b56c08f0-c407-4218-8858-9f2569d21b85 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hEo o E'b&  8P! oZA_?A_h EoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hFoz E'b&  8P!zZA_?A_h FoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hGo E'b&  8P!ZA_?A_ GoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hHoM E'b&  8P!MZA_?A_ HoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hIoG, E'b&  8P!G,ZA_A_|IoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hJo? E'b&  8P!?ZA_A_|JoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hKo@( E'b&  8P!@(ZA_A_LL KoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hLo{\8 E'b&  8P!{\8ZA_A_LL LoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hMo5 E'b&  8P!5ZA_@A_ xMoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hNo% E'b&  8P!%ZA_@A_ xNoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hOo( E'b&  8P!(ZA_@A_T OoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hPoT5 E'b&  8P!T5ZA_@A_T PoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xQoa+ E'b&  8P!!ja+ZA_A_T QoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 74e7fd41-dcbd-483a-baf1-82ddeebeeb4e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e575824f-34ed-4383-a7e7-6476ff7123a0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**hRo E'b&  8P!ZA_ AA_ RoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hSo E'b&  8P!ZA_ AA_ SoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hTox E'b&  8P!xZA_\A_4ToMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hUowނ E'b&  8P!wނZA_\A_4UoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hVoԡ E'b&  8P!ԡZA_.AA_T$ VoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hWoϿ E'b&  8P!ϿZA_.AA_T$ WoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xXo% E'b&  8P!!j%ZA_1A_TXoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c482539f-26a2-4439-9d55-528081c9ed65 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 034c65f3-fb35-4e6f-a369-a0f2ea12180d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hYoB E'b&  8P!BZA_]AA_ YoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hZoQ E'b&  8P!QZA_]AA_ ZoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeIh**h[oor E'b&  8P!orZA_5A_$ [oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h\o*K E'b&  8P!*KZA_5A_$ \oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h]o4 E'b&  8P!4ZA_:A_Dt ]oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h^o³ E'b&  8P!³ZA_:A_Dt ^oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x_o# E'b&  8P!!j#ZA_A_D _oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3d63e815-3ba4-4671-8bb3-6987b7133973 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c5221d19-b4b5-4639-bf4c-3f19ee9e2ba3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h`oiG E'b&  8P!iGZA_AA_`oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hao]V E'b&  8P!]VZA_AA_aoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hbo[r E'b&  8P![rZA_AA_lboMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hco~ E'b&  8P!~ZA_AA_lcoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xdo, E'b&  8P!!j,ZA_A_lTdoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 34b1678f-d652-4a4e-9240-f14c0328ed35 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ed616a50-4b7b-4be5-ba90-157255e39eb5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. A_H  oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Roh**hoXD E'b&  8P!XDZA_>A_H  oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hoWȇ E'b&  8P!WȇZA_AA_p oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &essh**ho$ E'b&  8P!$ZA_AA_p oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**xo9  E'b&  8P!!j9 ZA_GA_ oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = eb66d110-eada-49f6-aa1e-7faa2cc415b6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 258d2fd0-c49a-4ae0-9031-942ee05f8ede Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tix**hoL E'b&  8P!LZA_GA_ oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Roh**ho*[ E'b&  8P!*[ZA_GA_ oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hoB E'b&  8P!BZA_:A_ oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &essh**hoXI E'b&  8P!XIZA_;A_0 oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**ho8P E'b&  8P!8PZA_:A_ oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**hogY E'b&  8P!gYZA_;A_0 oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**hoL E'b&  8P!LZA_GA_oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hot E'b&  8P!tZA_GA_oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ommhd Name =  E'b&  8P =jpKZA_HA_LoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@erShell Error Message = System error.  E'b&  8P!3>ZA_A_T oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**ho q# E'b&  8P! q#ZA_A_T oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**ho> E'b&  8P!>ZA_HA_ oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hoN E'b&  8P!NZA_HA_ oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hp E'b&  8P!ZA_ A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hp E'b&  8P!ZA_ A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hpk E'b&  8P!kZA_ A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hpx E'b&  8P!xZA_ A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hp v E'b&  8P! vZA_ A_D pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hp9 E'b&  8P!9ZA_ A_D pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hp/$ E'b&  8P!/$ZA_IA_pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hp E'b&  8P!ZA_IA_pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xppCC E'b&  8P!!jpCCZA_IA_pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d89ff9cc-3875-44ca-93b2-28a2ae1d84f3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 45c49286-b943-45c0-99ff-9a03167e9e48 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @x**h p_ E'b&  8P!_ZA_IA_pl pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**h pk E'b&  8P!kZA_IA_pl pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**h pkܔ E'b&  8P!kܔZA_JA_D D pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**h pM E'b&  8P!MZA_JA_D D pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**h p0 E'b&  8P!0ZA_u A_( pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**hpx E'b&  8P!xZA_u A_(pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**hp0=> E'b&  8P!0=>ZA_ A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**hpΤR> E'b&  8P!ΤR>ZA_ A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**hpGF E'b&  8P!GFZA_KA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**hp/^F E'b&  8P!/^FZA_KA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**hp/~F E'b&  8P!/~FZA_"KA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**hpF E'b&  8P!FZA_"KA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@h**xp9G E'b&  8P!!j9GZA_$ A_pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a292a16a-d413-4a91-a7ab-ee1b66ab84d2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 419150de-dfd6-4d6d-8e95-3ea44447949b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Zx**hp7pѥۣ E'b&  8P!ѥۣZA_PA_>pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h?psv E'b&  8P!svZA_PA_?pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h@pe9 E'b&  8P!e9ZA_1A_hL@pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hApH E'b&  8P!HZA_1A_hLApMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hBpS#i E'b&  8P!S#iZA_PA_@t BpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hCpTqw E'b&  8P!TqwZA_PA_@t CpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh-Windows-Pow E'b&  8P/Oj߉ZA_A_@XDpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hot E'b&  8P!tZA_GA_oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ommhd Name =  E'b&  8P =jpKZA_HA_LoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@erShell Error Message = System error. N E'b&  8P!!j>NZA_A_ hypMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 465431c6-5ab2-41a6-9107-4ef0d16189e9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b5c09675-b95c-42ca-89b9-6d0954835ded Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hzp[p E'b&  8P![pZA_A_LX zpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h{p4{ E'b&  8P!4{ZA_A_LX {pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h|p E'b&  8P!ZA_A_ |pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h}p E'b&  8P!ZA_A_ }pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h~pao E'b&  8P!aoZA_A_ ~pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hp-o E'b&  8P!-oZA_A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hp.Js E'b&  8P!.JsZA_WA_@pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hp9Ys E'b&  8P!9YsZA_WA_@pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hp&zs E'b&  8P!&zsZA_A_H pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hp{us E'b&  8P!{usZA_A_H pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xpat E'b&  8P!!jatZA_,XA_Hp pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1b7e03ae-7755-4da5-bef2-615ef71681a4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b1692243-9090-45a5-b74c-f7bb9f0044d2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hp9t E'b&  8P!9tZA_lA_`8pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hp~Et E'b&  8P!~EtZA_lA_`8pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hpʳt E'b&  8P!ʳtZA_SXA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hp t E'b&  8P! tZA_SXA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hp` E'b&  8P!`ZA_A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hpƮ E'b&  8P!ƮZA_A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hp! E'b&  8P!!ZA_XA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hp֗! E'b&  8P!֗!ZA_XA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hp" E'b&  8P!"ZA_XA_` pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hp" E'b&  8P!"ZA_XA_` pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hp< # E'b&  8P!< #ZA_ A_pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hp# E'b&  8P!#ZA_ A_pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xpǒ# E'b&  8P!!jǒ#ZA_YA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4b2893c1-0ceb-41c2-b61f-d81f9ff1c93b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8a8b05c2-bb87-4448-b81b-697b47767b9a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hp<# E'b&  8P!<#ZA_BA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hpD# E'b&  8P!D#ZA_BA_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hp& E'b&  8P!&ZA_YA_DpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hp&& E'b&  8P!&&ZA_YA_DpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hpvG& E'b&  8P!vG&ZA_YA_$ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hp@S& E'b&  8P!@S&ZA_YA_$ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hP! E'b&  8Ps-j_&ZA_ZA_$ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P! ZA_A_ foMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &afs;(=f?mMFY&**XpxIF E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!xIFZA_@eA_(pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hp'F E'b&  8P!'FZA_@eA_(pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hp1-F E'b&  8P!1-FZA_Y&A_ HpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hp;F E'b&  8P!;FZA_Y&A_ HpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hp0 E'b&  8P!0ZA_eA_h pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hp> E'b&  8P!>ZA_eA_h pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hpW E'b&  8P!WZA_P'A_pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hpg(" E'b&  8P!g("ZA_P'A_pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**hp`C E'b&  8P!`CZA_ fA_lpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**hpeS E'b&  8P!eSZA_ fA_lpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**@p E'b&  8P!jZA_.fA_l pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Yp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 782c5ee2-9a63-4894-a1f3-b00940a43401 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 58488b78-113a-4fd5-8a21-6ccadca380af Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hp{V E'b&  8P!{VZA_+(A_t pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hp E'b&  8P!ZA_+(A_t pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hpRs E'b&  8P!RsZA_B(A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hpj E'b&  8P!jZA_B(A_ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hp^ E'b&  8P!^ZA_)A_p pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hpJ E'b&  8P!JZA_)A_p pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hpa E'b&  8P!aZA_@)A_H X pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hpS E'b&  8P!SZA_@)A_H X pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hp\ E'b&  8P!\ZA_wgA_$ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hp+ E'b&  8P!+ZA_wgA_$ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**xpK E'b&  8P!!jKZA_hA_$ h pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 41d773de-aea2-48da-bb67-a6b07cecda56 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ce0eae43-478a-4ca3-9362-5276af02436e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hpժ E'b&  8P!ժZA_hA_pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hp`g E'b&  8P!`gZA_hA_pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hq6RY E'b&  8P!6RYZA_)A_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hqԍk E'b&  8P!ԍkZA_)A_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hqzJ E'b&  8P!zJZA_*A_, , qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hqhK E'b&  8P!hKZA_*A_, , qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hqR E'b&  8P!RZA_hA_4 qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hqjR E'b&  8P!jRZA_hA_4 qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq^S E'b&  8P!^SZA_MiA_$L qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq}S E'b&  8P!}SZA_MiA_$L qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq6T E'b&  8P!6TZA_SiA_tqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h q6ET E'b&  8P!6ETZA_SiA_t qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x q39T E'b&  8P!!j39TZA_iA_t qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 04cc75b2-6599-4b00-acc8-b414cfd6e63e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ecef3e66-81bd-44a2-9adb-9d5ab1c7454d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**h qaT E'b&  8P!aTZA_iA_  qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h q2U E'b&  8P!2UZA_iA_  qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h qpU E'b&  8P!pUZA_iA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hq"U E'b&  8P!"UZA_iA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hqU E'b&  8P!UZA_iA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hqHV E'b&  8P!HVZA_iA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**xql|V E'b&  8P!!jl|VZA_b,A_`qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 50e5ecfa-f38c-484b-8e21-0da139ac05ff Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0b02b1d4-4958-4937-9d2f-67f9ff19b7c4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hqRV E'b&  8P!RVZA_djA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hqrV E'b&  8P!rVZA_djA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hqsV E'b&  8P!sVZA_h,A_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hq_V E'b&  8P!_VZA_h,A_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**xqVW E'b&  8P!!jVWZA_,A_qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5a56768f-b5d6-44e9-adc6-6c9a1ad6a6d0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = adad6ffb-a5be-407e-956f-dbb363b5ada8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. &x**hqywW E'b&  8P!ywWZA_,A_0qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &'b&h**hqRW E'b&  8P!RWZA_,A_0qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &'b&h**hq[ߒW E'b&  8P![ߒWZA_kA_@ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Th**hq8W E'b&  8P!8WZA_kA_@ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hqqW E'b&  8P!qWZA_$-A_(qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Stoh**hqW E'b&  8P!WZA_$-A_(qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**hq(W E'b&  8P!(WZA_A-A_qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hq X E'b&  8P! XZA_A-A_qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hqП E'b&  8P!ПZA_kA_0\ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h q, E'b&  8P!,ZA_kA_0\ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h!qK E'b&  8P!KZA_-A_T$ !qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h"qT E'b&  8P!TZA_-A_T$ "qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h#qo E'b&  8P!oZA_NlA_ 0#qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h$q  E'b&  8P! ZA_NlA_ 0$qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**x%q  E'b&  8P!!j ZA_nlA_ %qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9518ef6a-62a2-4272-a1af-c33b34cce3c2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9ee0ca85-f09a-4af6-ba5c-7b18b2cdc5dd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**h&qi  E'b&  8P!i ZA_rlA_&qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h'qޱ  E'b&  8P!ޱ ZA_rlA_'qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h(q9*  E'b&  8P!9* ZA_q/A_x |(qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h)q6  E'b&  8P!6 ZA_q/A_x |)qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h*q̈́r E'b&  8P!̈́rZA_lA_8|*qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h+qڽ E'b&  8P!ڽZA_lA_8|+qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h,q E'b&  8P!ZA_h0A_ ,qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h-qkB E'b&  8P!kBZA_h0A_ -qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h.q%ʻ E'b&  8P!%ʻZA_/mA_ .qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h/qYֻ E'b&  8P!YֻZA_/mA_ /qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**x0quL E'b&  8P!!juLZA_\1A_ 0qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = db2cff37-468f-4550-9ce0-66002be1f3c8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 93b021d9-a11d-41d6-9648-9782664a4f2b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h1q$i E'b&  8P!$iZA_`1A_ 1qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h2qDu E'b&  8P!DuZA_`1A_ 2qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h3q¯ E'b&  8P!¯ZA_1A_t 3qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h4q E'b&  8P!ZA_1A_t 4qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h5qrbc E'b&  8P!rbcZA_mA_d5qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h6qMrc E'b&  8P!MrcZA_mA_d6qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h7q$Bk E'b&  8P!$BkZA_mA_ 7qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h8qLOk E'b&  8P!LOkZA_mA_ 8qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h9q^Sl E'b&  8P!^SlZA_nA_4t9qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h:qBbl E'b&  8P!BblZA_nA_4t:qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h;qXl E'b&  8P!XlZA_3A_;qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hqң\m E'b&  8P!ң\mZA_3A_ >qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h?qlm E'b&  8P!lmZA_3A_ ?qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h@q,?nn E'b&  8P!,?nnZA_3A_\ d@qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hAqc|n E'b&  8P!c|nZA_3A_\ dAqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah&8hPrational &ElfChnkBqqBqq`v XC}(L =f?mMF &**XBqn E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!nZA_3A_ BqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hCq5n E'b&  8P!5nZA_3A_ CqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**@Dq]o E'b&  8P!j]oZA_Z4A_ DqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?L oData= ContextInfo A'L =UserData A%L =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2a7e1478-d595-40fc-8173-795155a2b147 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = de382d50-b5bc-471b-bba9-3a2357cb2089 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hEq/o E'b&  8P!/oZA_[4A_ 8 EqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**hFq(p E'b&  8P!>pZA_rA_hoqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hpqͦ E'b&  8P!ͦZA_rA_hpqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&h**hqq: E'b&  8P!:ZA_;A_ qqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &'b&h**hrqΈ E'b&  8P!ΈZA_;A_ rqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &'b&h**hsqD{ E'b&  8P!D{ZA_IA_H qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hqҎ E'b&  8P!ҎZA_*>A_H qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hq0L E'b&  8P!0LZA_uA_qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hql]\ E'b&  8P!l]\ZA_uA_qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hq E'b&  8P!ZA_uA_@qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hq֓ E'b&  8P!֓ZA_uA_@qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &inh**xq1 E'b&  8P!!j1ZA_4?A_@qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4688a7de-286b-4e79-b093-f73431fdf07c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6705a1a9-5507-4495-9ecf-87c01d9e2093 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. yA_\ l qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq4k E'b&  8P!4kZA_>yA_\ l qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xqu E'b&  8P!!juZA_CA_\ 0 qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 218c769b-d8a4-451b-8197-4f5ddbfc314a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 19582d93-2081-4333-ad9b-092cee9cc472 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Adx**hqz@  E'b&  8P!z@ ZA_VyA_T p qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hqT E'b&  8P!TZA_VyA_T p qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hq E'b&  8P!ZA_DA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq E'b&  8P!ZA_DA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq[g E'b&  8P![gZA_KEA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hqvy E'b&  8P!vyZA_KEA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq0/# E'b&  8P!0/#ZA_yA_p qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq1 E'b&  8P!1ZA_yA_p qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hqCX E'b&  8P!CXZA_yA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq@g E'b&  8P!@gZA_yA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq E'b&  8P!ZA_EA_qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq~ E'b&  8P!~ZA_EA_qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xq? E'b&  8P!!j?ZA_|FA_lqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2b648d70-a0e2-4068-93d8-fa390255362a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1a9f5892-2cf2-43ed-93f2-1672b1afe57c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hqm E'b&  8P!mZA_FA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hqk{ E'b&  8P!k{ZA_FA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hqh E'b&  8P!hZA_FA_ L qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hq E'b&  8P!ZA_FA_ L qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hq & E'b&  8P! &ZA_OzA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hq6 E'b&  8P!6ZA_OzA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xqU E'b&  8P!!jUZA_zA_ LqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b304ff24-b837-492e-a6d3-8d08e09104c4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c9918462-a914-4503-a801-90e7efcf1b29 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hqxkۧ E'b&  8P!xkۧZA_zA_ lqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hq6W E'b&  8P!6WZA_zA_ lqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hqW E'b&  8P!WZA_zA_hqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hq$ E'b&  8P!$ZA_zA_hqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**xq) E'b&  8P!!j)ZA_GA_hqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 15e71ad1-7e15-44bb-950b-e81dff68f94e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cdc06343-2e0d-4c7f-938d-d3b3cb45eb40 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hq E'b&  8P!ZA_{A_4qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hqM E'b&  8P!MZA_{A_4qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Stoh**hq^5Ҩ E'b&  8P!^5ҨZA_GA_ dqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**hq E'b&  8P!ZA_GA_ dqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hq E'b&  8P!ZA_{A_4 DqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hq E'b&  8P!ZA_{A_4 DqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hq2% E'b&  8P!2%ZA_!HA_ ,qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hq1 E'b&  8P!1ZA_!HA_ ,qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hq N  E'b&  8P! N ZA_HA_ x qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hqO  E'b&  8P!O ZA_HA_ x qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hqvuZ  E'b&  8P!vuZ ZA_ IA_pqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hq=Z  E'b&  8P!=Z ZA_ IA_pqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hq—-Z  E'b&  8P!—-Z ZA_ IA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hqrq>r2`9(=f?mMFQ&**Xq϶ʶ  E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!϶ʶ ZA_LA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hq  E'b&  8P! ZA_A_X PqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hqc  E'b&  8P!c ZA_A_X PqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hq  E'b&  8P! ZA_LA_qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**hqa&  E'b&  8P!a& ZA_LA_qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**@q]  E'b&  8P!j] ZA_EMA_TqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Qp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 18e87a31-8c9b-4846-ab18-297f117ec433 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 13e99bee-2009-43ec-8f5d-c74df79e098a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hqP  E'b&  8P!P ZA_́A_4 qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**hq ɽ  E'b&  8P! ɽ ZA_́A_4 qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hq  E'b&  8P! ZA_ҁA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hq  E'b&  8P! ZA_ҁA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**xqȱ`  E'b&  8P!!jȱ` ZA_MA_$ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1a581aab-90d1-44b5-b4ce-446675b5d113 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 28328554-8ca0-4b71-85ac-7239d327b1ab Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!> ZA_A_Ll /rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &me h**x0r:q  E'b&  8P!!j:q ZA_UA_L@ 0rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 43143edc-d7fe-455b-9f07-d38d1ae20fe5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9aee7431-5069-46de-a0e6-6a179e86af50 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h1r_  E'b&  8P!_ ZA_UA_( 1rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h2r  E'b&  8P! ZA_UA_( 2rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h3rg  E'b&  8P!g ZA_UA_\3rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h4rqU  E'b&  8P!qU ZA_UA_\4rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h5r  E'b&  8P! ZA_A_8X 5rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h6r{  E'b&  8P!{ ZA_A_8X 6rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h7r"  E'b&  8P!" ZA_UA_ ,7rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h8rdG!  E'b&  8P!dG! ZA_UA_ ,8rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h9rͨ  E'b&  8P!ͨ ZA_A_T 9rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h:rH  E'b&  8P!H ZA_A_T :rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h;rl\  E'b&  8P!l\ ZA_hA_$ t;rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hrs7  E'b&  8P!s7 ZA_/WA_ >rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Prehx '0.0.0.0/0 E'b&  8P jh ZA_WA_ ( ?rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ddc22f35-d08e-4258-97e1-ce742db195df Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**hqh  E'b&  8P!h ZA_LA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah&8hPrational &ElfChnk?rr?rrX/x8*q(P=f?mMF&a**?rh  E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jh ZA_WA_ ( ?rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b20d8861-e518-4ee3-ab49-2b833363e862 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 03f0abfa-7457-4281-b35c-c6f38fe34672 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**@rφ  E'b&  8P9!φ ZA_WA_`@rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hArۆ  E'b&  8P!ۆ ZA_WA_`ArMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hBrL  E'b&  8P!L ZA_qA_hBrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hCrfW  E'b&  8P!fW ZA_qA_hCrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hDr2 E'b&  8P!2ZA_A_$ DrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hEr12 E'b&  8P!12ZA_A_$ ErMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hFrM8 E'b&  8P!M8ZA_XA_ FrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hGrj8 E'b&  8P!j8ZA_XA_ GrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hHrS8 E'b&  8P!S8ZA_A_ HrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hIrG{9 E'b&  8P!G{9ZA_A_ IrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xJrx9 E'b&  8P!!jx9ZA_ӋA_ JrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f1426268-2d0f-4f1b-97bc-350fe61d007a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8207480b-73ce-4542-970c-618bfcdc8ef7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!A>ZA_ A_, VrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**xWr E'b&  8P!!jZA_~A_, WrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 76743be4-1c42-424e-97e8-e29441b92e24 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 10e2023f-4283-44dd-bb01-c3b6c47fbb63 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**hXr?6B E'b&  8P!?6BZA_A_hXrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &am E'b&  8P!E>mZA_[A_ h drMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a4h**her^ E'b&  8P!^ZA_{A_ erMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hfr) E'b&  8P!)ZA_{A_ frMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xgr֙ E'b&  8P!!j֙ZA_ÏA_grMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8f5eaf31-22c0-487b-b36f-42377ecd26f8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 78b9b0f1-258c-41ce-b7c4-88a441b3c76b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sex**hhr0 E'b&  8P!0ZA_ǏA_hrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hir< E'b&  8P!<ZA_ǏA_irMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hjra[ E'b&  8P!a[ZA_ʏA_jrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTh**hkr Ng E'b&  8P! NgZA_ʏA_krMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTh**xlr E'b&  8P!!jZA_dA_lrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dcc2b4f4-b2f9-4a07-a3cc-da701e898f8e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4687cac8-1a01-4103-9126-c98e262449e8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tRx**hmr=| E'b&  8P!=|ZA_\A_ mrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arouh**hnr" E'b&  8P!"ZA_\A_ nrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aapth**horݼ? E'b&  8P!ݼ?ZA_7]A_ orMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a# sh**hpr5N E'b&  8P!5NZA_7]A_ prMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hqr|d E'b&  8P!|dZA_A]A_hqrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**hrrk E'b&  8P!kZA_A_xrrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**hsrqp E'b&  8P!qpZA_A]A_hsrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aa70h**htry E'b&  8P!yZA_A_xtrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**hurH E'b&  8P!HZA_ߐA_urMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ap h**hvr0V E'b&  8P!0VZA_ߐA_vrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ap h**hwrm E'b&  8P!mZA_^A_ wrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$h**hxr<| E'b&  8P!<|ZA_^A_ xrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$h**hyrA& E'b&  8P!A&ZA_"A_x yrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hzrߖ E'b&  8P!ߖZA_"A_x zrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x{rJ' E'b&  8P!!jJ'ZA_A_X{rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 200d4d4c-86e8-48f1-ac6d-94bfcc1d39ff Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = beb020cf-08fc-46c5-a412-fa44a659ecd7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sex**h|r$G E'b&  8P!$GZA__A_T |rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h}r\R E'b&  8P!\RZA__A_T }rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h~rǏ E'b&  8P!ǏZA_ڑA_ ~rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**hr̢ E'b&  8P!̢ZA_ڑA_ rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**hrvK E'b&  8P!vKZA_`A_ , rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**hr.K E'b&  8P!.KZA_`A_ , rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hr?T E'b&  8P!?TZA_A_tprMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &actih**hrJT E'b&  8P!JTZA_A_tprMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Roh**hrlT E'b&  8P!lTZA_aA_8 rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hr}yT E'b&  8P!}yTZA_aA_8 rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aessh**xr4U E'b&  8P!!j4UZA_A_8 rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 07d42b17-07e9-4f29-9c92-1fc63625d934 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 454b8b8d-5165-4039-a02e-4f80b9c6beca Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hr˒1U E'b&  8P!˒1UZA_aA_ T rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hr2?U E'b&  8P!2?UZA_aA_ T rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hrU E'b&  8P!UZA_aA_< rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aT h**hr+U E'b&  8P!+UZA_aA_< rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aT h**hr% E'b&  8P!%ZA_bA_ @ rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$ h**hrW! E'b&  8P!W!ZA_bA_ @ rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$ h**hr| E'b&  8P!|ZA_oA_4rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hr  E'b&  8P! ZA_oA_4rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hr E'b&  8P!ZA_bA_d t rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hr*. E'b&  8P!*.ZA_bA_d t rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hrx E'b&  8P!xZA_bA_p 4 rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hr8s E'b&  8P!8sZA_bA_p 4 rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh $mac) { t E'b&  8PrrjZA_AcA_p 4rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ddc22f35-d08e-4258-97e1-ce742db195df Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**hqh  E'b&  8P!h ZA_LA_ qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah&8hPrational &ElfChnkrrrr`ס0j;(P=f?mMF&a**r E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jZA_AcA_p 4rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2398eeae-9dfa-4347-8259-9cb8ecd978b3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bfeca36d-c45a-42a9-8136-106731464de9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**rmI E'b&  8P9!mIZA_KA_L rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hr YU E'b&  8P! YUZA_KA_L rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hr E'b&  8P!ZA_A_t0rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hrJ E'b&  8P!JZA_A_t0rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hrf: E'b&  8P!f:ZA_A_ rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hruRF E'b&  8P!uRFZA_A_ rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**xr E'b&  8P!!jZA_fA_ 0 rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c1b01f9e-8a21-4bd9-904c-aaad02ba6685 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4ad4357a-9a15-4aa5-81ce-75a54d114459 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hr E'b&  8P!ZA_jA_` L rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hr E'b&  8P!ZA_jA_` L rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hrWB E'b&  8P!WBZA_ϕA_X rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hrWP E'b&  8P!WPZA_ϕA_X rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a) E'b&  8P!8>)ZA_aA_$ rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hr=H E'b&  8P!=HZA_iA_0 ,rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hrT E'b&  8P!TZA_iA_0 ,rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xr E'b&  8P!!jZA_A_0 rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5095ec6b-f10b-4ab1-8c96-70f0730a0101 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4f238948-34a7-44b9-8e63-3ac5f5421160 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. asx**hr* E'b&  8P!*ZA_A_d rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aresh**hr@ E'b&  8P!@ZA_A_d< rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hr@ E'b&  8P!@ZA_A_d rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hr@ E'b&  8P!@ZA_A_d< rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af7 E'b&  8P!w>7ZA_qA_hsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hsN7 E'b&  8P!N7ZA_qA_hsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xs:7 E'b&  8P!!j:7ZA_rA_0sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e6786d8f-3680-428c-b27b-c87087ef028e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a00c1974-98fa-4a91-b514-5760eb214df1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hs7 E'b&  8P!7ZA_A_sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hs7 E'b&  8P!7ZA_A_sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hs 8 E'b&  8P! 8ZA_A_ 8 sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hsT 8 E'b&  8P!T 8ZA_A_ 8 sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xs8 E'b&  8P!!j8ZA_KsA_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6a0eaede-3c4d-4ba1-a513-ba58c1a90aa0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 69b59c01-7fc0-4781-b686-b91ecfc2a801 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hs2c8 E'b&  8P!2c8ZA_A_(sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hs/ߩ8 E'b&  8P!/ߩ8ZA_A_(sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hs8 E'b&  8P!8ZA_QsA_d TsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hsD8 E'b&  8P!D8ZA_QsA_d TsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hsU8 E'b&  8P!U8ZA_hA_l sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hs"8 E'b&  8P!"8ZA_hA_l sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hsf9 E'b&  8P!f9ZA_oA_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hsSR)9 E'b&  8P!SR)9ZA_oA_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hs3 E'b&  8P!3ZA_XtA_( sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hsK8 E'b&  8P!K8ZA_XtA_( sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h sy E'b&  8P!yZA_tA_$  sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h!s"$ E'b&  8P!"$ZA_tA_$  !sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h"sFD E'b&  8P!FDZA_@A_`"sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h#sQ E'b&  8P!QZA_@A_`#sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x$sW( E'b&  8P!!jW(ZA_դA_@$sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 69815909-5d2b-44f4-8936-f994dbe6da0a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5506f96d-3a04-40c8-acd6-fab791f11ef1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h%sI E'b&  8P!IZA_֤A_ %sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h&s=4 E'b&  8P!=4ZA_֤A_ &sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h'sW E'b&  8P!WZA_*uA_h'sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h(sb E'b&  8P!bZA_*uA_h(sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h)s'Gj E'b&  8P!'GjZA_uA_ )sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h*sw E'b&  8P!wZA_uA_ *sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h+s? E'b&  8P!?ZA_A_+sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h,s{ E'b&  8P!{ZA_A_,sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h-s E'b&  8P!ZA_xvA_ , -sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h.s# E'b&  8P!#ZA_xvA_ , .sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x/s E'b&  8P!!jZA_3A_ /sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 54ce852f-cbc5-4604-929c-f903e2a985f3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e894f964-6b6b-4694-8ea8-e4506a2f0867 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. drx**h0so E'b&  8P!oZA_wA_Dh 0sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h1slڿ E'b&  8P!lڿZA_wA_Dh 1sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h2s- E'b&  8P!-ZA_ܦA_ 2sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h3s"h; E'b&  8P!"h;ZA_ܦA_ 3sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h4szY? E'b&  8P!zY?ZA_wA_`4sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h5sg? E'b&  8P!g?ZA_wA_`5sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h6s:G E'b&  8P!:GZA_wA_L T 6sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h7sKNG E'b&  8P!KNGZA_wA_L T 7sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h8sH E'b&  8P!HZA_xA_0  8sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**h9sO I E'b&  8P!O IZA_xA_0  9sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &icyh**h:sMI E'b&  8P!MIZA_|A_ :sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ix h**h;sH~[I E'b&  8P!H~[IZA_|A_ ;sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xss4J E'b&  8P!s4JZA_$A_ >sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h?sO E'b&  8P!OZA_cA_ ?sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h@sO E'b&  8P!OZA_cA_ @sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hAsy`O E'b&  8P!y`OZA_mA_| AsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hBs2O E'b&  8P!2OZA_mA_| BsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**@CsCYP E'b&  8P!jCYPZA_xA_| CsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c0651baf-754a-475c-93b4-c173c56c07b8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b2ab89bd-0bd7-4037-8b92-5c1e4e372537 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hDscwP E'b&  8P!cwPZA_xA_pLDsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**hEshXP E'b&  8P!hXPZA_xA_pLEsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**hFs=P E'b&  8P!=PZA_A_ FsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nh**hGsMkP E'b&  8P!MkPZA_A_ GsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hHsGS E'b&  8P!GSZA_A_ HsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hIs.S E'b&  8P!.SZA_A_ IsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hJsUS E'b&  8P!USZA_A_0JsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hKs.eS E'b&  8P!.eSZA_A_0KsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**xLsS E'b&  8P!!jSZA_zA_0LsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 28888936-48fa-4abb-b55b-d20c5de9d4bb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 836f0f3c-c5ff-42c8-ba42-c505f2270ddd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**hMs:S E'b&  8P!:SZA_0A_DMsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hNs&T E'b&  8P!&TZA_0A_DNsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hOs T E'b&  8P! TZA_6A_p OsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hPse,T E'b&  8P!e,TZA_6A_p PsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**xQsUT E'b&  8P!!jUTZA_zA_p xQsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 301bb1d5-2617-4ab0-9545-01ac81e1963c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4d673547-0d97-4183-8641-2a5be5e94973 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. |A_ asMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hbsT E'b&  8P!TZA_>|A_ bsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hcsr E'b&  8P!rZA_A_ csMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hdsR{~ E'b&  8P!R{~ZA_A_ dsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hescܬ E'b&  8P!cܬZA_qA_ esMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hfs E'b&  8P!ZA_qA_ fsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hgsm  E'b&  8P!m ZA_}A_H gsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hhs  E'b&  8P! ZA_}A_H hsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hisC/ E'b&  8P!C/ZA_ʭA_d isMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hjs; E'b&  8P!;ZA_ʭA_d jsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xksm E'b&  8P!!jmZA_}A_d ksMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7175bf66-e0f0-4874-862b-65ff58883ae6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 50cc0358-909f-4ed6-928a-783231068ab3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hls2ӹ E'b&  8P!2ӹZA_}A_ lsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hms߹ E'b&  8P!߹ZA_}A_ msMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hns/S E'b&  8P!/SZA_A_8 nsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hos_ E'b&  8P!_ZA_A_8 osMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hps96X E'b&  8P!96XZA_MA_ psMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hqsDX E'b&  8P!DXZA_MA_ qsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hrsS_ E'b&  8P!S_ZA_~A_ rsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hsso_ E'b&  8P!o_ZA_~A_ ssMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**htssZ` E'b&  8P!sZ`ZA_%A_L 8tsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hus` E'b&  8P!`ZA_%A_L 8usMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hvs` E'b&  8P!`ZA_A_X 8vsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hwsgU` E'b&  8P!gU`ZA_A_X 8wsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xxsqma E'b&  8P!!jqmaZA_xA_X xsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 96ee1149-bd6b-4496-b3ff-589e90c60916 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a04d6610-a156-4795-b23c-240cb959dabf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hysFa E'b&  8P!FaZA_yA_xp ysMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hzs_a E'b&  8P!_aZA_yA_xp zsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h{svc E'b&  8P!vcZA_A_  {sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h|sΚc E'b&  8P!ΚcZA_A_  |sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h}sc E'b&  8P!cZA_A_}sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h~sc E'b&  8P!cZA_A_~sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xskCd E'b&  8P!!jkCdZA_kA_8sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 49d1b9f8-1858-4962-ba03-9a42eb439398 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a96e9fa4-ccb2-483f-b17e-c6dadb7280ae Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 4-x**hsKid E'b&  8P!KidZA_lA_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hs9xd E'b&  8P!9xdZA_lA_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hsmd E'b&  8P!mdZA_հA_hsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hsd E'b&  8P!dZA_հA_hsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**xs:e E'b&  8P!!j:eZA_kA_sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 12a66742-f70e-4627-a42f-4267f016edd9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1757321a-1c34-40c9-a55e-fa480414dda0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!>ZA_A_ xsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hs3 E'b&  8P!3ZA_A_sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hsK E'b&  8P!KZA_A_sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach E E'b&  8P4ajWZA_A_sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @pt Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8xP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah&8hPrational &ElfChnkssssXQ?*(P=f?mMF&a**sW E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jWZA_A_sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4cce8b49-32b2-4c4e-bd6c-88be9d92e4e3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 08329a37-b123-498c-b3ed-6b211352ea4d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ) {**s8t E'b&  8P9!8tZA_A_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c((-**hs$ E'b&  8P!$ZA_A_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hs E'b&  8P!ZA_A_X sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hs E'b&  8P!ZA_A_X sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hs_ N E'b&  8P!_ NZA_A_$ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hsn\ E'b&  8P!n\ZA_A_$ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hsdk E'b&  8P!dkZA_A_D@ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hs|%z E'b&  8P!|%zZA_A_D@ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hs/ E'b&  8P!/ZA_oA_dl sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anh**hs+? E'b&  8P!+?ZA_oA_dl sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xs E'b&  8P!!jZA_ʅA_d sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a37260fc-7f9a-4f44-a931-2d19f41f6afe Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c7a91d30-f8fa-492a-99ce-43dbc01ec36b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hsF> E'b&  8P!F>ZA_΅A_d sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hs2J E'b&  8P!2JZA_΅A_d sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hsz E'b&  8P!zZA_JA_ xsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hs/y E'b&  8P!/yZA_JA_ xsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-nh**hs1p E'b&  8P!1pZA_;A_d sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hs<@p E'b&  8P!<@pZA_;A_d sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hsx E'b&  8P!xZA_A_<8sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hs*x E'b&  8P!*xZA_A_<8sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hsy E'b&  8P!yZA_AA_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hs#y E'b&  8P!#yZA_AA_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hsRfy E'b&  8P!RfyZA_BA_ hsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hs-ty E'b&  8P!-tyZA_BA_ hsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xs}y E'b&  8P!!j}yZA_A_  sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ba76b6af-e048-48ae-a555-2a53ee7c10f7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3c5ef9be-1ff0-4a6c-b5c8-00ce2a7892b4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. l E'b&  8P!U>lZA_A_, sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hsB*x E'b&  8P!B*xZA_A_, sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hs( E'b&  8P!j@& ZA_A_<sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hs> E'b&  8P!>ZA_A_ xsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hs3 E'b&  8P!3ZA_A_sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hsK E'b&  8P!KZA_A_sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach E E'b&  8P4ajWZA_A_sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @pt Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8xP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah&8hPrational &ElfChnks8ts8t` Cn(P=f?mMF&a**s@&  E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j@& ZA_A_<sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 82b4ba92-3405-4b20-a52d-38971471cd03 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e753a6af-3c51-432a-835a-3b4424b43c0f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ) {**s6 E'b&  8P9!6ZA_A_, sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c((-**hsB E'b&  8P!BZA_A_, sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hs}] E'b&  8P!}]ZA_IA_LsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hstl E'b&  8P!tlZA_IA_LsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hsS E'b&  8P!SZA_A_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hsǢ E'b&  8P!ǢZA_A_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xs E'b&  8P!!jZA_A_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 767de3a5-4661-42e3-ad1e-f3befd73cf49 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ecff00fa-cc3e-4b56-93ef-879f15871c82 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hs? E'b&  8P!?ZA_ܑA_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hsxL E'b&  8P!xLZA_ܑA_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hspl E'b&  8P!plZA_A_  sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hsz E'b&  8P!zZA_A_  sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**xs E'b&  8P!!jZA_CA_ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 491b455d-0cca-48af-b2f6-aaa3e0d4dd53 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 91257a8d-f50d-4e9a-8a79-93a04a47cbb6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. t! E'b&  8P!!ZA_A_4 >tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**h?t! E'b&  8P!!ZA_A_4 ?tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**h@t4! E'b&  8P!4!ZA_A_T@tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**hAt@! E'b&  8P!@!ZA_A_TAtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**@BtWE! E'b&  8P!jWE!ZA_-A_BtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?$oData= ContextInfo A'$=UserData A%$=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9b4a515c-3e64-428f-beba-5a92fdb27bda Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bab23934-c606-4213-9402-78085a35bccd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n@**hCt! E'b&  8P!!ZA_CA_ CtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hDta! E'b&  8P!a!ZA_CA_ DtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hEtAr! E'b&  8P!Ar!ZA_A_EtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hFty! E'b&  8P!y!ZA_A_FtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hGtj bl! E'b&  8P!j bl!ZA_A_p GtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hHt(ml! E'b&  8P!(ml!ZA_A_p HtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hItD! E'b&  8P!D!ZA_'A_ ItMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hJt! E'b&  8P!!ZA_'A_ JtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hKt! E'b&  8P!!ZA_*A_< tKtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hLt! E'b&  8P!!ZA_*A_< tLtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hMt4r! E'b&  8P!4r!ZA_lA_ MtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hNt,! E'b&  8P!,!ZA_lA_ NtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hOto! E'b&  8P!o!ZA_@A_H OtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hPt[! E'b&  8P![!ZA_@A_H PtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**hQtN ! E'b&  8P!N !ZA_A_08 QtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &icyh**hRtg:! E'b&  8P!g:!ZA_A_08 RtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ix h**xSt! E'b&  8P!!j!ZA_A_0x StMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5aa0e200-1782-4fc2-befc-3d3df6d62eb6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a0aceeb8-8602-4f30-be6d-25c71f34ad9a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hTt! E'b&  8P!!ZA_1A_ TtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hUt(! E'b&  8P!(!ZA_1A_ UtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hVtRK! E'b&  8P!RK!ZA_A_ VtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hWtn! E'b&  8P!n!ZA_A_ WtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hXt! E'b&  8P!!ZA_qA_ XtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hYt! E'b&  8P!!ZA_qA_ YtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xZt*f! E'b&  8P!!j*f!ZA_JA_ZtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 24d534d5-3907-41cf-b228-231394ff3937 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b035b60d-8f28-4d26-a27d-f72a97d5b885 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**h[t̬! E'b&  8P!̬!ZA_NA_ [tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h\tv! E'b&  8P!v!ZA_NA_ \tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h]t! E'b&  8P!!ZA_A_\ ]tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h^t! E'b&  8P!!ZA_A_\ ^tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h_t=8! E'b&  8P!=8!ZA_A__tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h`tqJ! E'b&  8P!qJ!ZA_A_`tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hatF&V! E'b&  8P!F&V!ZA_A_X TatMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hbt+c! E'b&  8P!+c!ZA_A_X TbtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xct$_! E'b&  8P!!j$_!ZA_A_X $ ctMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2c6ac763-31a1-4a3f-956f-37e83e846380 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 369792df-e91f-4d6f-84b9-573500847a02 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hdt! E'b&  8P!!ZA_A_d dtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**heta8! E'b&  8P!a8!ZA_A_d etMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hft:.! E'b&  8P!:.!ZA_A_<ftMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hgt,;! E'b&  8P!,;!ZA_A_<gtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xht(! E'b&  8P!!j(!ZA_A_ htMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0fa95f73-d5c4-4a87-aa7f-ebb2482aa856 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7a016f98-8259-4915-b28c-3229f85f529e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hit! E'b&  8P!!ZA_A_ itMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hjt! E'b&  8P!!ZA_A_ jtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hkt"! E'b&  8P!"!ZA_A_ktMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hltVr! E'b&  8P!Vr!ZA_A_ltMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hmt;! E'b&  8P!;!ZA_A_ mtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hnt_! E'b&  8P!_!ZA_A_ ntMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hotC! E'b&  8P!C!ZA_A_ otMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hpt:O! E'b&  8P!:O!ZA_A_ ptMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hqtf@t" E'b&  8P!f@t"ZA_A_p qtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hrtMt" E'b&  8P!Mt"ZA_A_p rtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hst؆.z" E'b&  8P!؆.z"ZA_A_ hstMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**httɌXt' E'b&  8P!>Xt'ZA_A_4 uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hug u' E'b&  8P!g u'ZA_1A_ x uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**huku' E'b&  8P!ku'ZA_1A_ x uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xuܧu' E'b&  8P!!jܧu'ZA_A_ h uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2623eda9-6e76-437c-9278-97c68d766723 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c14ed82d-86a8-4b88-b634-993b342055f6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Hox**huu' E'b&  8P!u'ZA_A_ puMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hu*u' E'b&  8P!*u'ZA_A_ puMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**huo>Av' E'b&  8P!o>Av'ZA_A_ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hu)Nv' E'b&  8P!)Nv'ZA_A_ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**huJ ( E'b&  8P!J (ZA_A_ 0uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**h u] ( E'b&  8P!] (ZA_A_ 0 uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h uE( E'b&  8P!E(ZA_A_|H uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**h u{S( E'b&  8P!{S(ZA_A_|H uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**h ub$( E'b&  8P!b$(ZA_~A_dl uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &101h**h u=N$( E'b&  8P!=N$(ZA_~A_dl uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**hu%( E'b&  8P!%(ZA_A_uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**huk%( E'b&  8P!k%(ZA_A_uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xu?%( E'b&  8P!!j?%(ZA_{A_p uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8bc47d4d-fb93-4e01-8c84-c5cfefcfabda Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7e1870da-7f2b-4d7d-b490-4f55e4a1538c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hu7%( E'b&  8P!7%(ZA_A_ 4uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &550h**huv#%( E'b&  8P!v#%(ZA_A_ 4uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**huJ'( E'b&  8P!J'(ZA_A_ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu'( E'b&  8P!'(ZA_A_ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu'( E'b&  8P!'(ZA_xA_  uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu@'( E'b&  8P!@'(ZA_xA_  uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xuXG(( E'b&  8P!!jXG((ZA_A_ X uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 20c61faa-26a0-4d93-a510-761c1da2c2c0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 559b8721-8cc9-4011-ae6e-1e30ea3cf780 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Hox**hu|d(( E'b&  8P!|d((ZA_!A_d uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hup(( E'b&  8P!p((ZA_!A_d uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**huS)( E'b&  8P!S)(ZA_A_luMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hu)( E'b&  8P!)(ZA_A_luMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hu*|,( E'b&  8P!*|,(ZA_QA_ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**huZF,( E'b&  8P!ZF,(ZA_QA_ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hu&,( E'b&  8P!&,(ZA_A_uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hu!#,( E'b&  8P!!#,(ZA_A_uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**x uӍ1-( E'b&  8P!!jӍ1-(ZA_-A_0 uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 35450510-66fd-49ae-9713-c6f93f1effe3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c8eb2bce-d46d-47dc-b032-2f61c8e70a26 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h!ub*Z-( E'b&  8P!b*Z-(ZA_.A_ !uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h"uf-( E'b&  8P!f-(ZA_.A_ "uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h#up1-( E'b&  8P!p1-(ZA_6A_#uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**h$u-( E'b&  8P!-(ZA_6A_$uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**x%u6.( E'b&  8P!!j6.(ZA_A_L %uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = eaeea2ca-6c09-4add-885c-d7c286d22ace Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d6005900-377a-4ba8-99dc-a4f12d124ee0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h&u`.( E'b&  8P!`.(ZA_A_,t&uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h'uL'.( E'b&  8P!L'.(ZA_A_,t'uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h(uL.( E'b&  8P!L.(ZA_9A_ (uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h)u[.( E'b&  8P![.(ZA_9A_ )uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h*up.( E'b&  8P!p.(ZA_gA_ *uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h+uzn.( E'b&  8P!zn.(ZA_gA_ +uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h,u.( E'b&  8P!.(ZA_oA_\ \,uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h-uW.( E'b&  8P!W.(ZA_oA_\ \-uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h.u C( E'b&  8P! C(@l(t@l(.uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h/u3cI( E'b&  8P!3cI(@l(t@l(/uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**h0u] ( E'b&  8P!] (@l(@l(0uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**h1u( E'b&  8P!(@l(@l(1uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**h&rήg E'b&  8P!j(@l(@l(2uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@$cfg = Get-C E'b&  8PonjYQg! &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @{ $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 63e2ac7e-c836-40ca-92e6-3e42b5fb5bf6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hj&xu&xe( E'b&  8P!&xe(@l(}@l(>uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**x?u6_( E'b&  8P!!j6_(@l(@l(L ?uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 803aa4fa-c5fb-4be7-9f16-2efecdfc5966 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5e397a0c-d8c2-4563-86af-11d2c9593ddf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rix**h@uC( E'b&  8P!C(@l(@l(@uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**hAu( E'b&  8P!(@l(@l(AuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**hBu( E'b&  8P!(@l(@l(lBuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**hCu( ( E'b&  8P!( (@l(@l(lCuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hDuH&( E'b&  8P!H&(@l( @l( lDuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**hEu32( E'b&  8P!32(@l( @l( lEuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**xFu ( E'b&  8P!!j (@l(R@l( FuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f0cf2a87-1679-47d0-a04d-e338ae14ab1a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4215f474-3351-43a3-9f20-70f5ef1885c7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hGu( E'b&  8P!(@l(@l(( GuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hHu,( E'b&  8P!,(@l(@l(( HuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a 4.h**hIu&( E'b&  8P!&(@l(@l(IuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aferh**hJuz2( E'b&  8P!z2(@l(@l(JuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**hKum$m( E'b&  8P!m$m(@l(f@l( KuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**hLur{( E'b&  8P!r{(@l(f@l( LuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**xMu( E'b&  8P!!j(@l(@l( MuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d3c74287-1853-4489-8bd2-f186a34faf04 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = df8f58f0-9dd8-4646-9c5a-b53ec9bc6ae4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hNu( E'b&  8P!(@l(@l(NuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hOu ( E'b&  8P! (@l(@l(OuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hPu7>( E'b&  8P!7>(@l( @l(H PuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hQuK( E'b&  8P!K(@l( @l(H QuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hRuhak( E'b&  8P!hak(@l(u@l(8H RuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hSu!`w( E'b&  8P!!`w(@l(u@l(8H SuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xTu( E'b&  8P!!j(@l(I@l(8 TuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dc785c5a-3077-4d2e-aa64-6aa3157893f1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 81ac4273-9b3e-425c-bde5-46180bc8a12a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. RKx**hUuu( E'b&  8P!u(@l(M@l(\ UuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hVu *( E'b&  8P! *(@l(M@l(\ VuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hWuK( E'b&  8P!K(@l(4@l(LWuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hXuW( E'b&  8P!W(@l(4@l(LXuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xYuC( E'b&  8P!!jC(@l(@l(L YuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e983dfde-10a6-4d52-b2bc-d252083473fa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a098b634-f5d2-406f-99c9-634d6721750a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hZu7( E'b&  8P!7(@l(@l(ZuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aea3h**h[uT( E'b&  8P!T(@l(@l([uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aORKh**h\utu( E'b&  8P!tu(@l(@l((p\uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h]uil!( E'b&  8P!il!(@l(@l((p]uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h^u8( E'b&  8P!8(@l(@l(T ^uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h_uZE( E'b&  8P!ZE(@l(@l(T _uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h`uu( E'b&  8P!u(@l(,@l( T`uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hauY( E'b&  8P!Y(@l(,@l( TauMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hbuiO) E'b&  8P!iO)@l(@l( buMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hcu[) E'b&  8P![)@l(@l( cuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hdu~() E'b&  8P!~()@l(@l(hduMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**heuqj4) E'b&  8P!qj4)@l(@l(heuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a 4.h**hfu=E) E'b&  8P!=E)@l(@l(fuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aferh**hguQ) E'b&  8P!Q)@l(@l(guMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**hhuZ`q) E'b&  8P!Z`q)@l(@l(huMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**hiu) E'b&  8P!)@l(@l(iuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**xju[v) E'b&  8P!!j[v)@l(@l(juMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 919d56cd-87a0-4f7c-b415-de154b89058e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 19634e20-744b-40c6-9ce4-e7307cc50a27 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 4.x**hkuR) E'b&  8P!R)@l(@l(kuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aferh**hlu>) E'b&  8P!>)@l(@l(luMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**hmu㿈) E'b&  8P!㿈)@l(1@l(L TmuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**hnu) E'b&  8P!)@l(1@l(L TnuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**hou* E'b&  8P!*@l(@l( ouMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**hpu<* E'b&  8P!<*@l(@l( puMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hquiF* E'b&  8P!iF*@l(%@l($quMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**hruaG* E'b&  8P!aG*@l(%@l($ruMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**hsuha* E'b&  8P!ha*@l(L@l(t suMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**htu&"a* E'b&  8P!&"a*@l(L@l(t tuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**huu}>a* E'b&  8P!}>a*@l(i@l(tuuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hvuaLa* E'b&  8P!aLa*@l(i@l(tvuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xwua* E'b&  8P!!ja*@l(@l(tXwuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8ac44738-f2b4-4b4a-acf8-25ef6dcbb412 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 597ae734-ce1b-4242-9544-530277727da5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hxuΩa* E'b&  8P!Ωa*@l(@l( 8 xuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hyu%a* E'b&  8P!%a*@l(@l( 8 yuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hzuNb* E'b&  8P!Nb*@l(@l( zuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h{u`Yb* E'b&  8P!`Yb*@l(@l( {uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h|um* E'b&  8P!m*@l(J@l( x|uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h}uRV* E'b&  8P!RV*@l(J@l( x}uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelhOperational  E'b&  8P & hElfChnk~uu~uuX/  n(=f?mMF&**X~u)* E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!)*@l(-@l( D ~uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hu* E'b&  8P!*@l(-@l( D uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**huht+ E'b&  8P!ht+@l(9@l(\ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hu+ E'b&  8P!+@l(9@l(\ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hu + E'b&  8P! +@l(@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hu + E'b&  8P! +@l(@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**@uߙP+ E'b&  8P!jߙP+@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 96495145-6e4e-4084-a0a8-8f7f96118b42 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 048accda-b63c-4bee-8977-f96141d634c4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hu0x+ E'b&  8P!0x+@l( @l(h 0uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu+ E'b&  8P!+@l( @l(h 0uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**huU+ E'b&  8P!U+@l(D@l(8uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hu + E'b&  8P! +@l(D@l(8uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**huϲ+ E'b&  8P!ϲ+@l(C@l( 4uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**huh=+ E'b&  8P!h=+@l(C@l( 4uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xu* + E'b&  8P!!j* +@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ebf3faf3-5408-4a06-962b-161e0f82300e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b1c0f0be-b7b9-4097-945b-cda0f4f63177 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**huM + E'b&  8P!M +@l(v@l( `uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**huxY + E'b&  8P!xY +@l(v@l( `uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**huDLx + E'b&  8P!DLx +@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu + E'b&  8P! +@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**xup + E'b&  8P!!jp +@l(@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d725218a-72e4-4a48-bd88-3d42eb615ca7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1bf4efdd-0919-417c-8884-9b9eb888fc1a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hu* + E'b&  8P!* +@l(@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu + E'b&  8P! +@l(@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**huP + E'b&  8P!P +@l(Z@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu9^ + E'b&  8P!9^ +@l(Z@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hus + E'b&  8P!s +@l(a@l(L uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hubǃ + E'b&  8P!bǃ +@l(a@l(L uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**huJc + E'b&  8P!Jc +@l(e@l($ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hu + E'b&  8P! +@l(e@l($ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hu+ E'b&  8P!+@l(e@l($ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**huM+ E'b&  8P!M+@l(e@l($ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**huw+ E'b&  8P!w+@l(o@l(xuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hu+ E'b&  8P!+@l(o@l(xuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hu-+ E'b&  8P!-+@l(y@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**huHǻ+ E'b&  8P!Hǻ+@l(y@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**xu@+ E'b&  8P!!j@+@l(4@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0fca1dc6-f7ac-4272-bec8-84d19b367976 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 05b596a4-cb6b-40fe-a65a-ed38f53325b1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**huX,Z+ E'b&  8P!X,Z+@l(8@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hu g+ E'b&  8P! g+@l(8@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**huμ+ E'b&  8P!μ+@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**huڼ+ E'b&  8P!ڼ+@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**huߌi_, E'b&  8P!ߌi_,@l(@l(tpuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**huw_, E'b&  8P!w_,@l(@l(tpuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**hu]n, E'b&  8P!]n,@l(@l(xuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &6aeh**huin, E'b&  8P!in,@l(@l(xuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**hu]4n, E'b&  8P!]4n,@l(@l(D , uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**humn, E'b&  8P!mn,@l(@l(D , uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xuc9o, E'b&  8P!!jc9o,@l(@l(D 4uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 945f3886-d742-46da-92fb-99799f3757d6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = db860a75-ea1c-4e51-9303-cdc49f6349a7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hu+o, E'b&  8P!+o,@l(@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hu6o, E'b&  8P!6o,@l(@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**hu)o, E'b&  8P!)o,@l(@l(< uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a12h**huo, E'b&  8P!o,@l(@l(< uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**hu~d - E'b&  8P!~d -@l(@l(<uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu - E'b&  8P! -@l(@l(<uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu;- E'b&  8P!;-@l(U@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**huH- E'b&  8P!H-@l(U@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**huiu- E'b&  8P!iu-@l(_@l(P @uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hun- E'b&  8P!n-@l(_@l(P @uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hu- E'b&  8P!-@l(b@l( PuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nceh**hu- E'b&  8P!-@l(b@l( PuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &,Inh**xuN- E'b&  8P!!jN-@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9106d893-88d6-48f9-898c-3feab3d83852 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6c05b572-be22-474f-9e3b-ee6988f2ceb6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**huHx- E'b&  8P!Hx-@l(@l(|uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu!o- E'b&  8P!!o-@l(@l(|uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu)- E'b&  8P!)-@l(1@l(H uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu6- E'b&  8P!6-@l(1@l(H uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu:\- E'b&  8P!:\-@l(2@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu>,k- E'b&  8P!>,k-@l(2@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xuZh- E'b&  8P!!jZh-@l(@l(HuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d7b96735-d9d6-4914-8b09-e0517a74251d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e33dc4a8-a97c-4f72-bc7e-f2668ce871af Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. dax**hu:- E'b&  8P!:-@l(@l(4PuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hu`& - E'b&  8P!`& -@l(@l(4PuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hu3'- E'b&  8P!3'-@l(@l(L uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hu4- E'b&  8P!4-@l(@l(L uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**xu^- E'b&  8P!!j^-@l(@l(L @ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = bb8970ca-756b-4082-ab0b-c6a3425cb7f4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4fb3073a-6917-417c-8a18-3f301cdd3ef1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hu;- E'b&  8P!;-@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu,- E'b&  8P!,-@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu- E'b&  8P!-@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu _- E'b&  8P! _-@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**huP0- E'b&  8P!P0-@l(d@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hu4f5- E'b&  8P!4f5-@l(@l(@ PuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hu=- E'b&  8P!=-@l(d@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hu%A- E'b&  8P!%A-@l(@l(@ PuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**huH - E'b&  8P!H -@l(@l(tuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hu1- E'b&  8P!1-@l(@l(tuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hu7- E'b&  8P!7-@l(A@l( TuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hu%F- E'b&  8P!%F-@l(A@l( TuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**hu\f- E'b&  8P!\f-@l(@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &7dah**huVq- E'b&  8P!Vq-@l(@l(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUhSYSTEM  E'b&  8Pr j-@l(@l(X uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @icrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hyu%a* E'b&  8P!%a*@l(@l( 8 yuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hzuNb* E'b&  8P!Nb*@l(@l( zuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h{u`Yb* E'b&  8P!`Yb*@l(@l( {uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h|um* E'b&  8P!m*@l(J@l( x|uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h}uRV* E'b&  8P!RV*@l(J@l( x}uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelhOperational  E'b&  8P & hElfChnkuvuvxd;o(P=f?mMF&a**u- E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j-@l(@l(X uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b9c9fa59-2db2-4f3e-a154-0c6c61925fc9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 58371b6a-92e8-4f09-9117-e60125381e6a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ) {**uF- E'b&  8P9!F-@l(!@l(( huMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c((-**hu - E'b&  8P! -@l(!@l(( huMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hu,t- E'b&  8P!,t-@l(Z@l( $uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hu/- E'b&  8P!/-@l(Z@l( $uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hu w. E'b&  8P! w.@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**huȒw. E'b&  8P!Ȓw.@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**huZ. E'b&  8P!Z.@l(@l( X uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hu3. E'b&  8P!3.@l(@l( X uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hul5. E'b&  8P!l5.@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**huA. E'b&  8P!A.@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xuW. E'b&  8P!!jW.@l(+@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2fd2dad9-7407-4776-b20f-213f59a56e89 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 20031e2a-c66b-49ac-88c3-d16e0e118336 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**huׁ. E'b&  8P!ׁ.@l(Z@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**huf. E'b&  8P!f.@l(Z@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**huM. E'b&  8P!M.@l(@l(H puMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**huY. E'b&  8P!Y.@l(@l(H puMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**huĘ"/ E'b&  8P!Ę"/@l(p@l($ luMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hu"/ E'b&  8P!"/@l(p@l($ luMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hoh**hu*/ E'b&  8P!*/@l(y@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**huR*/ E'b&  8P!R*/@l(y@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hut-/ E'b&  8P!t-/@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**huQ-/ E'b&  8P!Q-/@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hu[i./ E'b&  8P![i./@l(@l(D uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hu7./ E'b&  8P!7./@l(@l(D uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xu./ E'b&  8P!!j./@l(-@l(DuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b4300b1f-ed03-4e3a-815d-c178e71759e0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b2ac7318-2b9d-46d4-b17c-6433fa8d8b5d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Hox**hu3i./ E'b&  8P!3i./@l(@l(` uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aExeh**huU./ E'b&  8P!U./@l(@l(` uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hu/ 0/ E'b&  8P!/ 0/@l(a@l(H uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**hu0/ E'b&  8P!0/@l(a@l(H uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**hu;0/ E'b&  8P!;0/@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arouh**hujI0/ E'b&  8P!jI0/@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xuO0/ E'b&  8P!!jO0/@l(p@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5cd00315-5dd2-4b29-a045-daab4c90e9b0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7493ec95-4e09-44d6-990f-a4bbc5e0a3fe Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hu0/ E'b&  8P!0/@l(L@l(xhuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hu30/ E'b&  8P!30/@l(L@l(xhuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ainh**huA5/ E'b&  8P!A5/@l(s@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**hudM5/ E'b&  8P!dM5/@l(s@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**uVc5/ E'b&  8P]!jVc5/@l(@l( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 97de4a01-6eca-4b15-b5eb-0f15dfc4652a Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-g3ukjssq.qfd.ps1 Engine Version = 4.0 Runspace ID = 08ba4acf-fbd3-4500-8fde-e9bee8124afb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ft-W**huJp5/ E'b&  8P!Jp5/@l(@l(<`uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hu|5/ E'b&  8P!|5/@l(@l(<`uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xu5/ E'b&  8P!!j5/@l(@l(<uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 585f2843-33d4-4116-a2f0-e74f0e2e02c3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bcfe8744-3d8b-462d-a2ab-37f5cdcd92b8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. mex**hu u6/ E'b&  8P! u6/@l(@l(\ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**huE#6/ E'b&  8P!E#6/@l(@l(\ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hu7/ E'b&  8P!7/@l(9@l(P uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hus8/ E'b&  8P!s8/@l(9@l(P uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hu 8/ E'b&  8P! 8/@l(;@l( X uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**huQ,8/ E'b&  8P!Q,8/@l(;@l( X uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xv8/ E'b&  8P!!j8/@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 942f10cf-5add-49f2-9bbc-d871d63dfd72 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d7f5b845-2d3c-4cad-9a27-0bcb2d9152df Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tAx**hvPPC/ E'b&  8P!PPC/@l(@l(LvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**hv<\C/ E'b&  8P!<\C/@l(@l(LvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**hvg>N/ E'b&  8P!g>N/@l(@l(4hvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hvON/ E'b&  8P!ON/@l(@l(4hvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**hvxN/ E'b&  8P!xN/@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**hvdN/ E'b&  8P!dN/@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**xvnO/ E'b&  8P!!jnO/@l(B@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a6450f93-60ee-4f93-b128-9be85b8f310d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c26a20b9-36d0-49aa-ba15-c0f51a0ff6f2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tAx**hvMw2O/ E'b&  8P!Mw2O/@l(C@l(<4vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**h vBc>O/ E'b&  8P!Bc>O/@l(C@l(<4 vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**h vO/ E'b&  8P!O/@l(k@l( X vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**h v'O/ E'b&  8P!'O/@l(k@l( X vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**h vO/ E'b&  8P!O/@l(q@l(( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**h v4P/ E'b&  8P!4P/@l(q@l(( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**xv;{P/ E'b&  8P!!j;{P/@l(@l(((vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e9ef30a5-babe-4660-8c89-cc00d35c0bec Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bf68362a-191f-4900-a4bd-5f5005befe14 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. cax**hvP/ E'b&  8P!P/@l(@l(,@vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hvݵP/ E'b&  8P!ݵP/@l(@l(,@vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**hvnP/ E'b&  8P!nP/@l(@l( @vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**hvJP/ E'b&  8P!JP/@l(@l( @vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**xv~{SQ/ E'b&  8P!!j~{SQ/@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c5af668a-1122-4cf3-a147-e0fc0984b45d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7ad49ad9-630e-4e3d-9120-763f638bde89 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hvDoQ/ E'b&  8P!DoQ/@l(:@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv&}Q/ E'b&  8P!&}Q/@l(:@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv_Q/ E'b&  8P!_Q/@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv`Q/ E'b&  8P!`Q/@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hvwQ/ E'b&  8P!wQ/@l(@l(h vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hvZQ/ E'b&  8P!ZQ/@l(@l(h vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hvIQ/ E'b&  8P!IQ/@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hv8Q/ E'b&  8P!8Q/@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv?0 E'b&  8P!?0@l(Y@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv\K0 E'b&  8P!\K0@l(Y@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelhOperational  E'b&  8P & hElfChnkvsvvsv(d8DL(=f?mMF &**Xv0 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!0@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hv0 E'b&  8P!0@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h vt0 E'b&  8P!t0@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h!v0 E'b&  8P!0@l(@l( !vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**@"v0 E'b&  8P!j0@l(@l(X"vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 05ff679b-bb0e-4c17-bada-0915dc9dc159 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 989f54fe-6d91-4b5c-ada4-71a1c5a438f6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. a@**h#v0 E'b&  8P!0@l(@l(X #vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**h$vyհ0 E'b&  8P!yհ0@l(@l(X $vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h%v0 E'b&  8P!0@l(@l(8%vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h&v*0 E'b&  8P!*0@l(@l(8&vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h'v0 E'b&  8P!0@l( @l('vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h(vF0 E'b&  8P!F0@l( @l((vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h)v]H0 E'b&  8P!]H0@l(@l(L )vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h*v踵0 E'b&  8P!踵0@l(@l(L *vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h+v4pٵ0 E'b&  8P!4pٵ0@l(@l(8 +vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h,v0 E'b&  8P!0@l(@l(8 ,vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**x-vtb0 E'b&  8P!!jtb0@l(a@l(8-vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 85b66b2f-d544-4f80-9755-aaf2475b5e03 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3af8e505-91ba-47c4-857c-3fe154ead3a6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h.vm~0 E'b&  8P!m~0@l(e@l( .vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h/vr"0 E'b&  8P!r"0@l(e@l( /vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h0v#0 E'b&  8P!#0@l(@l( H 0vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h1v0 E'b&  8P!0@l(@l( H 1vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h2v,R1 E'b&  8P!,R1@l(@l(D 2vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h3vR1 E'b&  8P!R1@l(@l(D 3vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h4vqa[1 E'b&  8P!qa[1@l(C@l(X 4vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h5v[1 E'b&  8P![1@l(C@l(X 5vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h6va\1 E'b&  8P!a\1@l(D@l((6vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h7v)\1 E'b&  8P!)\1@l(D@l((7vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**x8v&\1 E'b&  8P!!j&\1@l([@l((\ 8vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 90544abb-6b88-4677-9500-2f2fac9ad2b6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4cc92357-dbcc-4c95-a93a-3fb334c7a11f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h9v\1 E'b&  8P!\1@l(@l(x@ 9vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**h:v\1 E'b&  8P!\1@l(@l(x@ :vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**h;vvd1 E'b&  8P!vd1@l(i@l(X ;vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hvrEd1 E'b&  8P!rEd1@l(q@l(p >vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**x?v;ie1 E'b&  8P!!j;ie1@l(@l(p$?vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b023be9c-447b-4094-a920-eed110eb762d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 70e2ae44-65e7-4eff-9411-dec654f29db2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h@v=e1 E'b&  8P!=e1@l(@l(D @@vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hAvΝe1 E'b&  8P!Νe1@l(@l(D @AvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hBve1 E'b&  8P!e1@l(@l(x BvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hCvNe1 E'b&  8P!Ne1@l(@l(x CvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**xDvg3f1 E'b&  8P!!jg3f1@l(@l( DvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4c86bbb6-c4bf-4be6-a6e4-aeb2343d6557 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0f1b245d-d6ee-49bb-a235-ede0c5667be8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Gx**hEvPf1 E'b&  8P!Pf1@l(@l( T EvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-anh**hFvxi^f1 E'b&  8P!xi^f1@l(@l( T FvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &y -h**hGvIf1 E'b&  8P!If1@l(@l(GvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hHv f1 E'b&  8P! f1@l(@l( lHvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hIvf1 E'b&  8P!f1@l(@l(IvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hJvf1 E'b&  8P!f1@l(@l( lJvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hKvf1 E'b&  8P!f1@l(@l(KvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hLvg1 E'b&  8P!g1@l(@l(LvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hMvlm1 E'b&  8P!lm1@l(^@l( X MvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hNvʑ1 E'b&  8P!ʑ1@l(^@l( X NvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hOv1 E'b&  8P!1@l(@l( OvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hPvVA1 E'b&  8P!VA1@l(@l( PvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hQv2 E'b&  8P!2@l(@l(8 QvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hRvr2 E'b&  8P!r2@l(@l(8 RvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hSvI2 E'b&  8P!I2@l(@l(( SvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hTvP52 E'b&  8P!P52@l(@l(( TvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**xUvg2 E'b&  8P!!jg2@l(a@l($ UvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = febade31-de12-4a76-9528-d60a5def433f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9e7a68a7-abbb-4ef9-a577-c75fe109d7d1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hVv212 E'b&  8P!212@l(@l( VvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hWv2 E'b&  8P!2@l(@l( WvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hXvJ2 E'b&  8P!J2@l( @l( H XvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hYv2 E'b&  8P!2@l( @l( H YvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hZvټ2 E'b&  8P!ټ2@l(@l(ZvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**h[v'˨2 E'b&  8P!'˨2@l(@l([vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**h\v;2 E'b&  8P!;2@l(e@l( H \vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**h]v'2 E'b&  8P!'2@l(e@l( H ]vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h^vԽ2 E'b&  8P!Խ2@l(i@l(L ^vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**h_vg2 E'b&  8P!g2@l(i@l(L _vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**x`v<2 E'b&  8P!!j<2@l(@l(L `vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a5599bfe-3792-41c2-98b4-43548da08e57 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9a02410b-8c09-486d-9a7d-558edd1b46c1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**haveNW2 E'b&  8P!eNW2@l(@l(avMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hbvbe2 E'b&  8P!be2@l(@l(bvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hcvb2 E'b&  8P!b2@l(@l(cvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hdv32 E'b&  8P!32@l(@l(dvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hev.[3 E'b&  8P!.[3@l( @l(@ evMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hfvf[3 E'b&  8P!f[3@l( @l(@ fvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**hgv^k3 E'b&  8P!^k3@l(F@l(0gvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &fe1h**hhv l3 E'b&  8P! l3@l(F@l(0hvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**hiv|8t3 E'b&  8P!|8t3@l(I@l(HivMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hjvFt3 E'b&  8P!Ft3@l(I@l(HjvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hkvU؅t3 E'b&  8P!U؅t3@l(@l( XkvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hlviđt3 E'b&  8P!iđt3@l(@l( XlvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xmvu3 E'b&  8P!!ju3@l(@l(  mvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7cc7f245-ab0d-4956-bee1-32deed1ba0d4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ff0e9ac4-0d59-4de1-8553-0187505e89cd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. OUx**hnv|=u3 E'b&  8P!|=u3@l(@l( nvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hovPhIu3 E'b&  8P!PhIu3@l(@l( ovMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hpvx3 E'b&  8P!x3@l(@l(tpvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hqv> y3 E'b&  8P!> y3@l(@l(tqvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hrv)y3 E'b&  8P!)y3@l(}@l(XX rvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hsv 9y3 E'b&  8P! 9y3@l(}@l(XX svMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &hicrosoft-Win E'b&  8Pwej8y3@l(@l(XtvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @icrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hv8Q/ E'b&  8P!8Q/@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv?0 E'b&  8P!?0@l(Y@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv\K0 E'b&  8P!\K0@l(Y@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelhOperational  E'b&  8P & hElfChnktvvtvvx*pbmp(P=f?mMF&a**tv8y3 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j8y3@l(@l(XtvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2f5b98e0-5c80-4af8-a909-99a87856050c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9f96b807-f13f-4bb6-852e-5dfe7bff6d3a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ati**uvq.y3 E'b&  8P9!q.y3@l(@l(<uvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(t **hvvy3 E'b&  8P!y3@l(@l(<vvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hwvy3 E'b&  8P!y3@l(@l( wvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hxvoz3 E'b&  8P!oz3@l(@l( xvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aah**xyvlkz3 E'b&  8P!!jlkz3@l(8@l(yvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2dcf439e-ad0d-4738-afda-4d64a3785a19 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 293f4938-1967-4e2d-87b2-e563f5ba739f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 0-x**hzv҉z3 E'b&  8P!҉z3@l(A@l(zvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h{v]z3 E'b&  8P!]z3@l(A@l({vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h|vz3 E'b&  8P!z3@l(J@l( |vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h}vz3 E'b&  8P!z3@l(J@l( }vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h~vǵz3 E'b&  8P!ǵz3@l(@l( ~vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hvۛz3 E'b&  8P!ۛz3@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hvRm {3 E'b&  8P!Rm {3@l([@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hv){3 E'b&  8P!){3@l([@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hv| 4 E'b&  8P!| 4@l(@l( ,vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hvJ4 E'b&  8P!J4@l(@l( ,vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv&E\4 E'b&  8P!&E\4@l(@l((vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hvi4 E'b&  8P!i4@l(@l((vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hoh**hv#,4 E'b&  8P!#,4@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hvq,4 E'b&  8P!q,4@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hvq1,4 E'b&  8P!q1,4@l(H@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hvԲ=,4 E'b&  8P!Բ=,4@l(H@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xvSQ,4 E'b&  8P!!jSQ,4@l(@l(`vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3ed9fdf6-8cba-4ec2-a42f-9fc381e246fb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0f45ca7e-f145-4516-a663-62e220ac23e7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hvP,4 E'b&  8P!P,4@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hv,4 E'b&  8P!,4@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hvO-4 E'b&  8P!O-4@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hvup[-4 E'b&  8P!up[-4@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ainh**hv2,4 E'b&  8P!2,4@l(u@l( |vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**hv):4 E'b&  8P!):4@l(u@l( |vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**hv4 E'b&  8P!4@l(@l(D vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arouh**hv94 E'b&  8P!94@l(@l(D vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hv]4 E'b&  8P!]4@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hve 4 E'b&  8P!e 4@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xvct4 E'b&  8P!!jct4@l( @l(`vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 75594bf0-dafa-45bb-92f2-7a129dbbd9b4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c80016e1-e48c-4a2e-af50-e8654061086c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hv4 E'b&  8P!4@l(@l(p vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**hv/4 E'b&  8P!/4@l(@l(p vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**hv04 E'b&  8P!04@l(@l(t 8 vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv6C>4 E'b&  8P!6C>4@l(@l(t 8 vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aWinh**hv!s5 E'b&  8P!!s5@l(@l(pHvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv t5 E'b&  8P! t5@l(@l(pHvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hv85 E'b&  8P!85@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hvBȃ5 E'b&  8P!Bȃ5@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hv5 E'b&  8P!5@l(o@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hv4B5 E'b&  8P!4B5@l(o@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**v |5 E'b&  8P]!j |5@l(u@l( p vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 17ed79d3-9d69-4b3c-8a49-bc861d6902f2 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-boq5uqcd.sco.ps1 Engine Version = 4.0 Runspace ID = 34f7562e-086e-4272-b344-16c9403c9bc2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. e = **hv5&&5 E'b&  8P!5&&5@l(@l(` 8 vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aPfh**hvi35 E'b&  8P!i35@l(@l(` 8 vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &axi^fh**xv>׳5 E'b&  8P!!j>׳5@l(@l(` vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1078ab2a-eaf6-4d64-a259-7880f2e4bd4e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 09ff02f0-6ac6-431c-b71c-9d2a0f84f78f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hv5 E'b&  8P!5@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hvι5 E'b&  8P!ι5@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hv5 E'b&  8P!5@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hvJ5 E'b&  8P!J5@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hv>N5 E'b&  8P!>N5@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a5deh**hvԜ5 E'b&  8P!Ԝ5@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**xvr5 E'b&  8P!!jr5@l(i@l( 0vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ac1e7a6d-f506-4600-a8fb-a6b233cb2afa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 773afe00-836c-48c2-899f-2768b30064d3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hvR5 E'b&  8P!R5@l(j@l(<vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hv頯5 E'b&  8P!頯5@l(j@l(<vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hv5 E'b&  8P!5@l(@l(LvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hv(ϧ5 E'b&  8P!(ϧ5@l(@l(LvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hv5 E'b&  8P!5@l(@l(@ vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hv'5 E'b&  8P!'5@l(@l(@ vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xv55 E'b&  8P!!j55@l(@l(@ p vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1174ba29-44dc-49a0-a9e0-6f06cba1c171 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = dad34768-9755-44c7-b411-92d84dac6ff1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. mex**hv$5 E'b&  8P!$5@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hv¿5 E'b&  8P!¿5@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hv^5 E'b&  8P!^5@l(@l(8 vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hv݋5 E'b&  8P!݋5@l(@l(8 vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hv)5 E'b&  8P!)5@l(@l( @ vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hvD5 E'b&  8P!D5@l(@l( @ vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xvq25 E'b&  8P!!jq25@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8c2b1e0b-33ea-4cc4-a692-363f35934e8f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 660f0b55-08c7-4c45-9b36-f112f9ead723 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tAx**hvZ5 E'b&  8P!Z5@l(@l((vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**hvOh5 E'b&  8P!Oh5@l(@l((vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**hv5 E'b&  8P!5@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hva5 E'b&  8P!a5@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**xv5 E'b&  8P!!j5@l(@l( 4vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d7223d28-ce0c-4186-86c4-a8414d286467 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c2aef93b-d9af-4728-beee-c1db51537424 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hv5 E'b&  8P!5@l(@l(0vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv&5 E'b&  8P!&5@l(@l(0vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelhOperational  E'b&  8P & hElfChnkvwvw }\m'xs(,=f?mMF&**Xvؼj5 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!ؼj5@l(9@l(x DvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hv+by5 E'b&  8P!+by5@l(9@l(x DvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hv5 E'b&  8P!5@l(*@l(p vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hvߞ5 E'b&  8P!ߞ5@l(*@l(p vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hva5 E'b&  8P!a5@l(+@l(`tvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hvh5 E'b&  8P!h5@l(+@l(`tvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hvﹹO6 E'b&  8P!ﹹO6@l(@l(pvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hvPU6 E'b&  8P!PU6@l(@l(pvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**hvn6 E'b&  8P!n6@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**hv0o6 E'b&  8P!0o6@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hv1#u6 E'b&  8P!1#u6@l(@l(8 vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hv3sv6 E'b&  8P!3sv6@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Meh**hvyv6 E'b&  8P!yv6@l(@l(8 vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hv(w6 E'b&  8P!(w6@l(@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**@vmRn6 E'b&  8P!jmRn6@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?,oData= ContextInfo A',=UserData A%,=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 70775c22-e2d5-46f8-afd5-3151ac0df8de Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f6b6ffea-0c45-4804-90d9-5066bbb954b7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hvr&6 E'b&  8P!r&6@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hv<>6 E'b&  8P!<>6@l(!@l(( \vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hvo6 E'b&  8P!o6@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hv4;6 E'b&  8P!4;6@l(!@l(( \vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hv6 E'b&  8P!6@l(@l(` vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hv6 E'b&  8P!6@l(@l(` vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hvp[7 E'b&  8P!p[7@l(@l(T vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hvUg7 E'b&  8P!Ug7@l(@l(T vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hv7 E'b&  8P!7@l(Y@l(` vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hv7 E'b&  8P!7@l(Y@l(` vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xvx"7 E'b&  8P!!jx"7@l((@l( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3f3b3931-a093-44f7-b3a6-954da4ee1161 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4717c048-1780-4732-a8ed-a3f81cdb5424 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hv.?7 E'b&  8P!.?7@l(@l(8vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hv}J7 E'b&  8P!}J7@l(@l(8vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hv贷7 E'b&  8P!贷7@l(@l(\ vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hvG7 E'b&  8P!G7@l(@l(\ vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hv[RU7 E'b&  8P![RU7@l(@l((vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hv_U7 E'b&  8P!_U7@l(@l((vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hvu:7 E'b&  8P!u:7@l(@l(TvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hvBM7 E'b&  8P!BM7@l(@l(TvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hv7 E'b&  8P!7@l(@l( tvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hvR-7 E'b&  8P!R-7@l(@l( tvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hv4Դ7 E'b&  8P!4Դ7@l(7@l(t vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hvҰ7 E'b&  8P!Ұ7@l(7@l(t vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hv#7 E'b&  8P!#7@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hv17 E'b&  8P!17@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xvP7 E'b&  8P!!jP7@l(@l(<vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 947fe3c8-a9f5-43a0-929e-85232d523366 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 42553383-347d-4c03-99a7-430daab983d7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. drx**hvF6۵7 E'b&  8P!F6۵7@l(@l(` vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hv#7 E'b&  8P!#7@l(@l(` vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hvh5k7 E'b&  8P!h5k7@l(@l(8vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hvx7 E'b&  8P!x7@l(@l(8vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hvص7 E'b&  8P!ص7@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hvrF7 E'b&  8P!rF7@l(@l(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xvm7 E'b&  8P!!jm7@l(@l(H vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4570f252-91c2-467c-aa2a-234949c5b68c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a84d867c-0398-47a5-8cc7-552b8a8549a9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hv--<7 E'b&  8P!--<7@l(B@l( T vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hvlH7 E'b&  8P!lH7@l(B@l( T vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hvg7 E'b&  8P!g7@l(@l(D vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hv/r7 E'b&  8P!/r7@l(@l(D vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**xvgع7 E'b&  8P!!jgع7@l(&Al(DvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 75ec9fe1-66f9-447f-8811-801f8a5f0ad0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 96eb24c3-2f6c-4c82-8518-b113dbfffbb7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hv47 E'b&  8P!47@l(*Al( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hvH57 E'b&  8P!H57@l(*Al( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hv1:7 E'b&  8P!1:7@l(0@l(P vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hvF7 E'b&  8P!F7@l(0@l(P vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hvZ^7 E'b&  8P!Z^7@l(NAl(d vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hv^k7 E'b&  8P!^k7@l(NAl(d vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hvw7 E'b&  8P!w7@l(OAl(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hv˃7 E'b&  8P!˃7@l(OAl(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hvc8 E'b&  8P!c8@l(Al( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hvA c8 E'b&  8P!A c8@l(Al( vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hvwk8 E'b&  8P!wk8@l(aAl(xvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hw k8 E'b&  8P! k8@l(aAl(xwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hwk8 E'b&  8P!k8@l(@l(|wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hw`k8 E'b&  8P!`k8@l(@l(|wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**xwG1l8 E'b&  8P!!jG1l8@l(Al(|wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b8273a6e-d9ba-4a56-8d6a-d599a0ef2a68 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8009091f-1b8d-433b-bf65-9b9ee2e2f37c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hwսMl8 E'b&  8P!սMl8@l({@l(( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hwk \l8 E'b&  8P!k \l8@l({@l(( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hwl8 E'b&  8P!l8@l(@l(d wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hw5l8 E'b&  8P!5l8@l(@l(d wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hw}}9 E'b&  8P!}}9@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**h w9 E'b&  8P!9@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**h wZB9 E'b&  8P!ZB9@l(lAl(< wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &6ffh**h wR9 E'b&  8P!R9@l(lAl(< wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**h w@r9 E'b&  8P!@r9@l(Z@l( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h wdҀ9 E'b&  8P!dҀ9@l(Z@l( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xw9 E'b&  8P!!j9@l({@l(pwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f189aa82-6563-4637-af69-d307a33f592e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 246dcd1c-ea16-4bc1-b8cf-ef884efddedb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hwZ29 E'b&  8P!Z29@l(|@l( $wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hw@9 E'b&  8P!@9@l(|@l( $wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**hw 9 E'b&  8P! 9@l(@l(@ LwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d72h**hwY, 9 E'b&  8P!Y, 9@l(@l(@ LwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**hw?(9 E'b&  8P!?(9@l(nAl(twMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hwR;9 E'b&  8P!R;9@l(nAl(twMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hwq~9 E'b&  8P!q~9@l(qAl( T wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hw9 E'b&  8P!9@l(qAl( T wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hw9c9 E'b&  8P!9c9@l(Al( ( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hwaq9 E'b&  8P!aq9@l(Al( ( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hwo9 E'b&  8P!o9@l(Al(8 wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nceh**hw[9 E'b&  8P![9@l(Al(8 wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &,InhrfaceMetric  E'b&  8Papj%F9@l(Al(8$wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c2aef93b-d9af-4728-beee-c1db51537424 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hv5 E'b&  8P!5@l(@l(0vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv&5 E'b&  8P!&5@l(@l(0vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelhOperational  E'b&  8P & hElfChnkwgwwgwhV7 tB(P=f?mMF&a**w%F9 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j%F9@l(Al(8$wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 30431fa2-c1ea-4368-80a0-7387edb32cf9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7df3a933-f770-4e65-a7a7-f1a3c0506a16 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **w(u9 E'b&  8P9!(u9@l(Al(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **hwу9 E'b&  8P!у9@l(Al(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hw9 E'b&  8P!9@l(@l(@ wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ao h**hw"9 E'b&  8P!"9@l(@l(@ wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a6f8h**h wPB9 E'b&  8P!PB9@l(@l(  wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aif h**h!wN9 E'b&  8P!N9@l(@l( !wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**x"wr9 E'b&  8P!!jr9@l(\Al( X"wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7beb3d71-fc76-4018-adf3-ad64bef5be85 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bdc4d818-d5c0-4f61-8657-d94e4a515852 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. we: E'b&  8P!e:@l(%@l(@>wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &afm: E'b&  8P!>m:@l(G@l(, 8 CwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!29>@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!I>@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P! ">@l(Al(hwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!Pd0>@l(Al(hwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!7uq>@l(Al(TwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!c>@l(Al(TwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a56-h**xwc> E'b&  8P!!jc>@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 770de0b9-43b4-474c-b8cc-359c4751a4c8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0e6b27df-f1c9-4021-90d2-b6d730556650 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hwI\> E'b&  8P!I\>@l(wAl(d wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hwH+> E'b&  8P!H+>@l(wAl(d wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hw&> E'b&  8P!&>@l(uAl(P(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hwm> E'b&  8P!m>@l(uAl(P(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a E'b&  8P!X>@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!!&>@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!!jP>@l(lAl(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0846a55c-144e-4f71-8335-22f6434fa7c4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f2417030-1216-452c-bc8d-973c48943fc2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Six**hwF> E'b&  8P!F>@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hw> E'b&  8P!>@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hw{> E'b&  8P!{>@l(Al(0wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hw > E'b&  8P! >@l(Al(0wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**xwz > E'b&  8P!!jz >@l(aAl(0wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8f899fd7-7671-406a-8963-f8705daacb3e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b9e366f4-be79-424c-8b56-e73d1f77b214 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**hwy > E'b&  8P!y >@l(Al(4wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hw_^ > E'b&  8P!_^ >@l(Al(4wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hwW< > E'b&  8P!W< >@l(eAl(P  wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hwQ > E'b&  8P!Q >@l(eAl(P  wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hw > E'b&  8P! >@l("Al(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hwB > E'b&  8P!B >@l("Al(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hwuC!> E'b&  8P!uC!>@l(RAl( twMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hwQ!> E'b&  8P!Q!>@l(RAl( twMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hw"> E'b&  8P!">@l(NAl(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8P & hElfChnkwxwxXz! ?( =f?mMF &**Xw"> E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!">@l(NAl(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hwi'"> E'b&  8P!i'">@l(nAl(dwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hwu"> E'b&  8P!u">@l(nAl(dwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h** w#> E'b&  8Py !j#>@l(pAl(dwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A? oData= ContextInfo A' =UserData A% =Payload "p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1bb89397-b50a-492a-ab89-916aff5cd106 Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" $modules = Get-InstalledModule -ErrorAction SilentlyContinue if ($modules) { foreach ($mod in $modules) { [PSCustomObject]@{ Name = $mod.Name Version = $mod.Version.ToString() Repository = $mod.Repository Author = $mod.Author } | ConvertTo-Json -Compress Write-Output "---SEPARATOR---" } } } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = 4e55b7c3-e7f0-4f3f-9482-153f2423bd4a Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-InstalledModule' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException el **hw#> E'b&  8P!#>@l(}Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwx:+#> E'b&  8P!x:+#>@l(}Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwW> E'b&  8P!W>@l(Al(, wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwRe> E'b&  8P!Re>@l(Al(, wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw > E'b&  8P! >@l(Al(H wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw 4> E'b&  8P! 4>@l(Al(H wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwm> E'b&  8P!m>@l(Al(\ wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**hwZ3.> E'b&  8P!Z3.>@l(Al(\ wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**xw{> E'b&  8P!!j{>@l(Al(\ wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fdd4bb50-ad06-460d-86b2-7160afd8624f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4f649993-ca16-4f62-bfe4-daa642bb4de5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hw=> E'b&  8P!=>@l(Al(D wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwY> E'b&  8P!Y>@l(Al(D wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwQ:Q> E'b&  8P!Q:Q>@l(Al( L wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw_> E'b&  8P!_>@l(Al( L wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwX'_? E'b&  8P!X'_?@l(:Al(0 wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**hwܦ5_? E'b&  8P!ܦ5_?@l(:Al(0 wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**hweÄ? E'b&  8P!eÄ?@l(Al(L wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**hw*҄? E'b&  8P!*҄?@l(Al(L wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**hw"? E'b&  8P!"?@l(yAl(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-00h**hw? E'b&  8P!?@l(yAl(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**xwvz? E'b&  8P!!jvz?@l(Al(d wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 23dc0a3a-748b-4226-bf1d-ae0a8139357a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b5c7ef9e-d4b6-40ab-9e19-089ed9941945 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. opx**hwγ? E'b&  8P!γ?@l(Al(H wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**hw? E'b&  8P!?@l(Al(H wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**hwQ`? E'b&  8P!Q`?@l({Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-00h**hw!? E'b&  8P!!?@l({Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**hw@ E'b&  8P!@@l(Al(HwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onfh**hwmX@ E'b&  8P!mX@@l(Al(HwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rCoh**hw&@ E'b&  8P!&@@l(8Al( @wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**hw&@ E'b&  8P!&@@l(8Al( @wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hwy7;0@ E'b&  8P!y7;0@@l(9Al(HwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r Mh**hwI0@ E'b&  8P!I0@@l(9Al(HwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hw_0@ E'b&  8P!_0@@l(@Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hw :0@ E'b&  8P! :0@@l(@Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**xw1@ E'b&  8P!!j1@@l(Al( L wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7c7c041d-66a3-45e9-bcc6-3b9ff9ac1cd8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ece84e3d-1c3a-406c-8992-afd9ac7423c1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hwoH1@ E'b&  8P!oH1@@l(Al(dwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**hwpV1@ E'b&  8P!pV1@@l(Al(dwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**hw3@ E'b&  8P!3@@l(Al(@wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**hw3@ E'b&  8P!3@@l(Al(@wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**hws4@ E'b&  8P!s4@@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-00h**hw#4@ E'b&  8P!#4@@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**xw͓4@ E'b&  8P!!j͓4@@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8872811a-9205-4c93-88dd-58b794b45b69 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 64c16baa-0ada-460d-8077-ee5e62bf94f0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hwS4@ E'b&  8P!S4@@l(Al(  wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwD}4@ E'b&  8P!D}4@@l(Al(  wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwۥ4@ E'b&  8P!ۥ4@@l(Al(p wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw4@ E'b&  8P!4@@l(Al(p wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xw]sc5@ E'b&  8P!!j]sc5@@l(Al(p0wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 17f4cc92-6706-466b-8f31-8cfc8bd26936 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 25d3c7c8-6be4-458b-99e3-a2ab8e048714 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hwr5@ E'b&  8P!r5@@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &TEMh**hww5@ E'b&  8P!w5@@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw5@ E'b&  8P!5@@l( Al(T wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwμ5@ E'b&  8P!μ5@@l( Al(T wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwr5@ E'b&  8P!r5@@l("Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwW5@ E'b&  8P!W5@@l("Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw6@ E'b&  8P!6@@l(Al(t wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw!6@ E'b&  8P!!6@@l(Al(t wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwG<@ E'b&  8P!G<@@l(Al(L wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw7<@ E'b&  8P!7<@@l(Al(L wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw2@ E'b&  8P!2@@l(Al(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw&g@ E'b&  8P!&g@@l(Al(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw@ E'b&  8P!@@l(7 Al(xwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**hwU@ E'b&  8P!U@@l(7 Al(xwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**hw@ E'b&  8P!@@l(C Al(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**hw,+@ E'b&  8P!,+@@l(C Al(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**xwDة@ E'b&  8P!!jDة@@l( Al(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 19ddfbf2-e538-4dd5-8e2c-d492553f1b70 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b8d36365-e9e8-4334-8da9-64ed74d7d5dc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hwEJ@ E'b&  8P!EJ@@l(!Al(\D wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hw@ E'b&  8P!@@l(!Al(\D wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hwjaE@ E'b&  8P!jaE@@l( Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**hw;%R@ E'b&  8P!;%R@@l( Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**hwњwA E'b&  8P!њwA@l(O"Al(PwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**hwbGwA E'b&  8P!bGwA@l(O"Al(PwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**hxA E'b&  8P!A@l("Al(D xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-00h**hxϙA E'b&  8P!ϙA@l("Al(D xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**hxA E'b&  8P!A@l(v Al(txMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onfh**hxA E'b&  8P!A@l(v Al(txMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rCoh**xxA E'b&  8P!!jA@l( Al(t xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = daa8de57-9cfb-43ef-8bf7-62d640480100 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6581a82c-5854-4c9d-9078-e4e4d86234c2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tex**hxA E'b&  8P!A@l( #Al(4 xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-00h**hxRӫA E'b&  8P!RӫA@l( #Al(4 xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**hxC$A E'b&  8P!C$A@l(;#Al(h xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onfh**hxP3A E'b&  8P!P3A@l(;#Al(h xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rCoh**h xB E'b&  8P!B@l(#Al(L xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**h xB E'b&  8P!B@l(#Al(L xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h x2i*B E'b&  8P!2i*B@l( Al(T xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r Mh**h xz*B E'b&  8P!z*B@l( Al(T xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**h xr3?B E'b&  8P!r3?B@l(E$Al(p xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hxA?B E'b&  8P!A?B@l(E$Al(pxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hxrHB E'b&  8P!rHB@l(L$Al( txMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hx12HB E'b&  8P!12HB@l(L$Al( txMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hxHB E'b&  8P!HB@l(Q$Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hx0fHB E'b&  8P!0fHB@l(Q$Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werhell/Operatio E'b&  8Pj|\IB@l($Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ell/Operational &ah**hw"> E'b&  8P!">@l(NAl(wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8P & hElfChnkxbxxbx`$(P=f?mMF&a**x|\IB E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j|\IB@l($Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6e5df65f-c3f6-4409-8fc7-6b9e3086439c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1c59fe40-b93f-4e23-854b-17c915eb91b9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tha**xCKIB E'b&  8P9!CKIB@l($Al(4xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(**hxIB E'b&  8P!IB@l($Al(4xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hxJB E'b&  8P!JB@l($Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hx,KB E'b&  8P!,KB@l($Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hx(KB E'b&  8P!(KB@l(G Al(( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aHh**hxv6KB E'b&  8P!v6KB@l(G Al(( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aHh**xxKB E'b&  8P!!jKB@l(Al(( 8xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 929891b3-948f-4686-81af-23b524529fde Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 352879d7-f133-4c20-a88b-1bb41d2b18e6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. irx**hxBKB E'b&  8P!BKB@l( Al(dxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &afe4h**hxrKB E'b&  8P!rKB@l( Al(dxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**hx LB E'b&  8P! LB@l(Al(t( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aD h**hxLB E'b&  8P!LB@l(Al(t( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aD h**xx=LB E'b&  8P!!j=LB@l(Al(txMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8ba1fc46-7a70-4b38-96d9-2b9c08a427d9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5a858996-22d9-4634-aa36-3511bfd13008 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tRx**h xQLB E'b&  8P!QLB@l(%Al(H  xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arouh**h!x]LB E'b&  8P!]LB@l(%Al(H !xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aapth**h"xLB E'b&  8P!LB@l(%Al(L "xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a# sh**h#xogLB E'b&  8P!ogLB@l(%Al(L #xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h$xLB E'b&  8P!LB@l(Al($xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**h%xLB E'b&  8P!LB@l(Al(%xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**h&x԰MB E'b&  8P!԰MB@l(Al(\\&xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ae19h**h'x+MB E'b&  8P!+MB@l(Al(\\'xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**h(xm9B E'b&  8P!m9B@l(RAl( t(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aH h**h)xqKB E'b&  8P!qKB@l(RAl( t)xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aH h**h*xKB E'b&  8P!KB@l(&Al(<$ *xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h+xB E'b&  8P!B@l(&Al(<$ +xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h,xI7B E'b&  8P!I7B@l(&Al(H ,xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aHh**h-xSEB E'b&  8P!SEB@l(&Al(H -xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aHh**x.xB E'b&  8P!!jB@l(Al(H .xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c0897e22-219a-4d5f-a568-545fd9e14b8f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bfaeb70b-e175-4d4f-95cc-22e7f94c753d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ptx**h/x\B E'b&  8P!\B@l(Al( \/xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a# sh**h0xB E'b&  8P!B@l(Al( \0xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h1xXiB E'b&  8P!XiB@l('Al(1xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**h2xDuB E'b&  8P!DuB@l('Al(2xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**h3xE C E'b&  8P!E C@l((Al(3xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a992h**h4xC E'b&  8P!C@l((Al(4xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**h5xK԰C E'b&  8P!K԰C@l(I(Al(5xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adh**h6xҨC E'b&  8P!ҨC@l(I(Al(6xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adh**h7x*C E'b&  8P!*C@l(Al(P 7xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h8x C E'b&  8P! C@l(Al(P 8xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x9xc'C E'b&  8P!!jc'C@l(~Al(x9xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c9849e48-6aaf-49b6-917c-6fc31d18a246 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c911a49c-9695-4b9e-9805-6892ff5094fe Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. irx**h:xĽC E'b&  8P!ĽC@l((Al( :xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a077h**h;x=f˱C E'b&  8P!=f˱C@l((Al( ;xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**hx BD E'b&  8P! BD@l([Al( >xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aph**h?x:2BD E'b&  8P!:2BD@l([Al( ?xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aph**h@xWD E'b&  8P!WD@l(Al((@xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aph**hAxWD E'b&  8P!WD@l(Al((AxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hBx `D E'b&  8P! `D@l()Al( 8BxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &actih**hCx `D E'b&  8P! `D@l()Al( 8CxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Roh**hDx9`D E'b&  8P!9`D@l()Al( L DxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hEx)qaD E'b&  8P!)qaD@l()Al( L ExMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aessh**xFxuaD E'b&  8P!!juaD@l(iAl( \FxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a5186c85-fa91-4bff-99c1-e24187e11268 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ce7f22cd-ab27-4c32-aa9c-63c2e3b259b3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  x**hGxLaD E'b&  8P!LaD@l(mAl((GxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hHxқaD E'b&  8P!қaD@l(mAl((HxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hIxecD E'b&  8P!ecD@l(Al( IxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hJxcD E'b&  8P!cD@l(Al( JxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hKx*cD E'b&  8P!*cD@l(Al((KxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hLxUcD E'b&  8P!UcD@l(Al((LxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xMxjQdD E'b&  8P!!jjQdD@l(sAl( MxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 72772247-cc2d-4688-ab9a-99c97bf12506 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 36c7de8c-257a-494a-905c-9390b4a44cad Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hNxOtodD E'b&  8P!OtodD@l(*Al(DNxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**hOxT}dD E'b&  8P!T}dD@l(*Al(DOxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**hPxEdD E'b&  8P!EdD@l(*Al(D PxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ada9h**hQx eD E'b&  8P! eD@l(*Al(D QxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**hRx:fD E'b&  8P!:fD@l(0+Al(RxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a\h**hSxZ?fD E'b&  8P!Z?fD@l(0+Al(SxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a\h**hTx0qfD E'b&  8P!0qfD@l(Al(@(TxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hUxfD E'b&  8P!fD@l(Al(@(UxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hVx* gD E'b&  8P!* gD@l(T+Al(VxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hWx UgD E'b&  8P! UgD@l(T+Al(WxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xXxugD E'b&  8P!!jugD@l(p+Al(XxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3337f3fd-d380-49ec-9150-0eddaad94225 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bad32659-3b0d-43b2-b58b-0321b2e740df Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hYx?gD E'b&  8P!?gD@l( Al( x YxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**hZx gD E'b&  8P! gD@l( Al( x ZxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**h[x?(gD E'b&  8P!?(gD@l($Al(p[xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a078h**h\xwhD E'b&  8P!whD@l($Al(p\xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**x]xwhD E'b&  8P!!jwhD@l(Al( ]xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 29eef2c9-13be-4d31-b5e7-7cf27a8864ae Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2abb8120-cf20-45c5-9404-4471d74df7dc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h^xxhD E'b&  8P!xhD@l(Al( P^xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h_xRhD E'b&  8P!RhD@l(+Al( _xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h`xUhD E'b&  8P!UhD@l(Al( P`xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hax2hD E'b&  8P!2hD@l(+Al( axMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hbx4hD E'b&  8P!4hD@l(Al( bxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8P & hElfChnkcxxcxx`XtG[($=f?mMF&**XcxhD E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!hD@l(Al( cxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hdxJ iD E'b&  8P!J iD@l(S,Al(h dxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hex++iD E'b&  8P!++iD@l(S,Al(h exMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hfxD E'b&  8P!D@l(,Al(tfxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hgxH E'b&  8P!v>H@l(I!Al(4<xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hxLH E'b&  8P!LH@l(I!Al(4<xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hxJ;H E'b&  8P!J;H@l(!Al(D\xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hxIH E'b&  8P!IH@l(!Al(D\xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hx^>iH E'b&  8P!^>iH@l(9Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8P & hElfChnkxyxyXμB( =f?mMF &**XxwH E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!wH@l(9Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**@x? H E'b&  8P!j? H@l(`:Al( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A? oData= ContextInfo A' =UserData A% =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8b617f7d-bbe7-4107-919d-fd022a9966d1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b6781177-ea14-4bc1-b129-f045d9ea9349 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hxH E'b&  8P!H@l("Al(@xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**hx #H E'b&  8P! #H@l("Al(@xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hxVDH E'b&  8P!VDH@l(e:Al(th xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hxKcQH E'b&  8P!KcQH@l(e:Al(th xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**xxH E'b&  8P!!jH@l("Al(txMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d901c618-fa3f-44d7-93cd-498752095b82 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = dc7f3919-e885-4db0-8d15-4aed44683df1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Al($ xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hx I E'b&  8P! I@l(G>Al($ xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hxBHI E'b&  8P!BHI@l(c&Al(LxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hx>ѠI E'b&  8P!>ѠI@l(c&Al(LxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hxx,J E'b&  8P!x,J@l(?Al(@lxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hxn:J E'b&  8P!n:J@l(?Al(@lxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &inh**hxGJ E'b&  8P!GJ@l(&Al(P$ xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hxRUJ E'b&  8P!RUJ@l(&Al(P$ xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hxx۩J E'b&  8P!x۩J@l(!@Al( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hxJ E'b&  8P!J@l(!@Al( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hxg-J E'b&  8P!g-J@l(&Al( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hxOl9J E'b&  8P!Ol9J@l(&Al( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**xxJ E'b&  8P!!jJ@l(AAl( <xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e2521008-1799-4723-aa65-96d8d43afb37 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5f0f75bc-4c59-4805-839c-7522c0b2467d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tix**hxiJ E'b&  8P!iJ@l(AAl( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Roh**hxrJ E'b&  8P!rJ@l(AAl( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hxJ E'b&  8P!J@l(fAAl(p( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &essh**hxձJ E'b&  8P!ձJ@l(fAAl(p( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hxv.J E'b&  8P!v.J@l(AAl(  xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hx^j=J E'b&  8P!^j=J@l(AAl(  xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**xxRIJ E'b&  8P!!jRIJ@l(='Al( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 18df6cd7-da21-4717-8377-c76d0b1bcd0f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1f681460-cf31-4dc1-b302-349a4414b18d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hx%߭J E'b&  8P!%߭J@l(A'Al(\P xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hx\J E'b&  8P!\J@l(A'Al(\P xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hx#) J E'b&  8P!#) J@l(L'Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hx7J E'b&  8P!7J@l(L'Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**xxJ E'b&  8P!!jJ@l(BAl(TxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8a2dff3f-9451-4cf1-9494-16726113a95a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9802ae81-0e05-4ced-9406-0800f7e22bda Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. K E'b&  8P!>K@l(CAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hy?K E'b&  8P!?K@l(CAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hy`K E'b&  8P!`K@l(jDAl(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hy`K E'b&  8P!`K@l(jDAl(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &inh**hyS[9`K E'b&  8P!S[9`K@l(pDAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hyG`K E'b&  8P!G`K@l(pDAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**xy`K E'b&  8P!!j`K@l(EAl( (yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e875026b-8974-423d-93f6-c26c78725792 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c29e7dc4-da54-43a7-ac0f-391b99f39347 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 7-x**hy`K E'b&  8P!`K@l(EAl(xyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**h y*`K E'b&  8P!*`K@l(EAl(x yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**h yiaK E'b&  8P!iaK@l()Al( < yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h ywwaK E'b&  8P!wwaK@l()Al( < yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h yQK E'b&  8P!QK@l(EAl(  yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h y -K E'b&  8P! -K@l(EAl(  yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hyL E'b&  8P!L@l(FAl(H yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hyL E'b&  8P!L@l(FAl(H yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hyL E'b&  8P!L@l(FAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hy\L E'b&  8P!\L@l(FAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ueh**hxv>H E'b&  8P!jL@l(FAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @*hxLH E'b&  8P!LH@l(I!Al(4<xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hxJ;H E'b&  8P!J;H@l(!Al(D\xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hxIH E'b&  8P!IH@l(!Al(D\xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hx^>iH E'b&  8P!^>iH@l(9Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8P & hElfChnkydyydy@](P=f?mMF&a**yL E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jL@l(FAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8027b78b-1a56-4724-b484-a16725d94787 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4a070dcb-b0d2-4cfd-9aca-fd49fa0ea348 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. man**yL E'b&  8P9!L@l(FAl(L yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **hy\L E'b&  8P!\L@l(FAl(L yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hyKL E'b&  8P!KL@l(FAl(0 yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hyWL E'b&  8P!WL@l(FAl(0 yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hyL E'b&  8P!L@l(xGAl(X  yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hy L E'b&  8P! L@l(xGAl(X  yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hyڞL E'b&  8P!ڞL@l(+Al(4yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hyyL E'b&  8P!yL@l(+Al(4yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hyTL E'b&  8P!TL@l(+,Al(`` yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hybL E'b&  8P!bL@l(+,Al(`` yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hywGL E'b&  8P!wGL@l(GAl(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hyZL E'b&  8P!ZL@l(GAl(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hy:L E'b&  8P!:L@l(5,Al(\TyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h yML E'b&  8P!ML@l(5,Al(\T yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**x!yML E'b&  8P!!jML@l(,Al(\ !yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c3e7e12c-d668-4fe5-be2f-36c944cc1fd0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 24f8b757-f371-4e9f-bd80-dff18ce8ac24 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**h"yO~L E'b&  8P!O~L@l(LHAl( "yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h#y֝L E'b&  8P!֝L@l(LHAl( #yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h$y۩L E'b&  8P!۩L@l(HAl(H$yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h%yǵL E'b&  8P!ǵL@l(HAl(H%yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h&yL E'b&  8P!L@l(HAl( &yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aAdh**h'y@L E'b&  8P!@L@l(HAl( 'yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**x(yVL E'b&  8P!!jVL@l(B-Al( (yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 22b25bf4-431b-4caf-b1d9-90d0664cfa83 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f2206a80-68af-429d-934c-cbb3b54d2474 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**h)yy(mL E'b&  8P!(mL@l(LAl(@8 >yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h?yMoWM E'b&  8P!MoWM@l(MAl( ?yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h@yWM E'b&  8P!WM@l(MAl( @yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hAys~M E'b&  8P!s~M@l(=NAl(AyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atih**hByმ~M E'b&  8P!მ~M@l(=NAl(ByMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Roh**hCyt"~M E'b&  8P!t"~M@l(*.Al(TCyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hDyð~M E'b&  8P!ð~M@l(*.Al(TDyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aessh**xEydM E'b&  8P!!jdM@l(.Al( EyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 597fc026-f3d9-4901-8f29-746568baac35 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 652e3df2-c359-4b11-9b21-29ec9f74c935 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hFy.M E'b&  8P!.M@l(NAl( (FyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hGy˓M E'b&  8P!˓M@l(NAl( (GyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hHy^ M E'b&  8P!^ M@l(&OAl(xHyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hIyM E'b&  8P!M@l(&OAl(xIyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hJy@ N E'b&  8P!@ N@l(j/Al(TJyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hKyeS N E'b&  8P!eS N@l(j/Al(TKyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hLynp`1N E'b&  8P!np`1N@l(/Al(`LyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hMy@vt1N E'b&  8P!@vt1N@l(/Al(`MyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hNyi1N E'b&  8P!i1N@l(0Al(4 NyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hOy1N E'b&  8P!1N@l(0Al(4 OyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**xPy>2N E'b&  8P!!j>2N@l(PAl(4 PyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d57e69fb-5f87-4535-9983-ff42c57b01f1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 22f9af46-3dd2-4432-a7b6-98251064aa31 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hQyAui2N E'b&  8P!Aui2N@l(PAl(QyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hRy^w2N E'b&  8P!^w2N@l(PAl(RyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hSyp2N E'b&  8P!p2N@l(cQAl( SyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hTy2N E'b&  8P!2N@l(cQAl( TyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hUyU N E'b&  8P!U N@l(_0Al(UyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hVyb%N E'b&  8P!b%N@l(_0Al(VyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hWy(N E'b&  8P!(N@l(0Al( WyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hXyN E'b&  8P!N@l(0Al( XyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hYy2AN E'b&  8P!2AN@l(`RAl(4 YyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ainh**hZy;PN E'b&  8P!;PN@l(`RAl(4 ZyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**[yhN E'b&  8P]!jhN@l(K1Al(4 ( [yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4846a2b6-afe4-4b35-b185-cffba4cd87ab Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-54dnpjoy.coq.ps1 Engine Version = 4.0 Runspace ID = 0d7bf1a9-b013-4678-979a-83d34acc1396 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. and **h\yuN E'b&  8P!uN@l(tRAl(  \yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aorAh**h]yN E'b&  8P!N@l(tRAl(  ]yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aacAh**x^yYN E'b&  8P!!jYN@l(!2Al( x ^yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = acd3004e-7e33-44f9-9d67-edd7957f3f4b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e309175a-9a9e-425f-856b-b010ad314999 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h_y'"6N E'b&  8P!'"6N@l(RAl((_yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h`yBN E'b&  8P!BN@l(RAl((`yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hayH N E'b&  8P!H N@l(RAl(`ayMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hbyD9N E'b&  8P!D9N@l(RAl(`byMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hcyMN E'b&  8P!MN@l(RAl( x cyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hdyN E'b&  8P!N@l(RAl( x dyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Whdows-PowerSh E'b&  8PE'bjdN@l(2Al( eyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @dows-PowerShell/Operational &8h**hxIH E'b&  8P!IH@l(!Al(D\xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hx^>iH E'b&  8P!^>iH@l(9Al(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8P & hElfChnkeyyeyy`6u(P=f?mMF&a**eydN E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jdN@l(2Al( eyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 705cdbcb-cbd0-4664-8c19-5dab332334e7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 058e6163-b7b0-4144-a758-a27329f21fdc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. man**fy)DN E'b&  8P9!)DN@l(2Al(<fyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **hgyOxRN E'b&  8P!OxRN@l(2Al(<gyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hhyN E'b&  8P!N@l(SAl(` hyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hiy5N E'b&  8P!5N@l(SAl(` iyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hjyN E'b&  8P!N@l(SAl(\ jyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hky.N E'b&  8P!.N@l(SAl(\ kyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xlyEN E'b&  8P!!jEN@l(3Al(\ lyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = baba8acb-c9f3-418b-a3ab-1164ddbf19c2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 84f32f6e-65e6-49c3-b0cd-fcf0c01926d4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hmycN E'b&  8P!cN@l(SAl($myMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hny?N E'b&  8P!?N@l(SAl($nyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hoynN E'b&  8P!nN@l(3Al( oyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hpy3N E'b&  8P!3N@l(3Al( pyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hqy 'N E'b&  8P! 'N@l(TAl(@qyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hry)8N E'b&  8P!)8N@l(TAl(@ryMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xsypN E'b&  8P!!jpN@l(u4Al( syMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e1e7e44d-93c1-4594-bb03-807c49f88206 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c857d378-04b2-475a-8823-cdd2ec9244d6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hty{vN E'b&  8P!{vN@l(y4Al(`tyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**huy{bN E'b&  8P!{bN@l(y4Al(`uyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hvyi N E'b&  8P!i N@l(4Al(XvyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hwyFN E'b&  8P!FN@l(4Al(XwyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**xxymN E'b&  8P!!jmN@l(,UAl(X8 xyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2caf6530-1e4a-4326-8bf8-846c0e77d585 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9c076466-0f3b-49c5-ac23-f079a9fcf4d7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Al(XyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hyZQ E'b&  8P!ZQ@l(>Al(XyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hy^R E'b&  8P!^R@l(\>Al(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hyu^R E'b&  8P!u^R@l(\>Al(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hye>sR E'b&  8P!e>sR@l(]Al(<DyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hy'RsR E'b&  8P!'RsR@l(]Al(<DyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hyusR E'b&  8P!usR@l(>Al(@,yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hy sR E'b&  8P! sR@l(>Al(@,yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xy%tR E'b&  8P!!j%tR@l(8^Al(@lyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e0b34fda-f6c9-438b-b68b-7ea7568821ad Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7ee1af41-0995-4475-a428-34554aae9595 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hyP"9tR E'b&  8P!P"9tR@l(9^Al(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hy EtR E'b&  8P! EtR@l(9^Al(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hy+tR E'b&  8P!+tR@l(?Al(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hytR E'b&  8P!tR@l(?Al(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hyTS E'b&  8P!TS@l(*_Al(Lh yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hy>S E'b&  8P!>S@l(*_Al(Lh yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hylS E'b&  8P!lS@l(_Al(T,yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hy]S E'b&  8P!]S@l(_Al(T,yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hyʟS E'b&  8P!ʟS@l(@Al( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hy@S E'b&  8P!@S@l(@Al( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**y|S E'b&  8P]!j|S@l(@Al(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6c604e9c-1a90-4041-beb7-56b877e5d54d Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-5qsvqjdw.yne.ps1 Engine Version = 4.0 Runspace ID = 26333e44-188c-4ac7-8a97-964da79b5be5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -No**hyS E'b&  8P!S@l(H`Al(8 yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $rh**hy/S E'b&  8P!/S@l(H`Al(8 yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xy-ӌS E'b&  8P!!j-ӌS@l(AAl(8 d yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f18252a4-53e8-43d6-a2ce-12922d57460e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3a67a3e3-7d3b-4075-9b07-357acb89e528 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 0x**hyfBS E'b&  8P!fBS@l(`Al( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hyrS E'b&  8P!rS@l(`Al( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;/h**hy]!S E'b&  8P!]!S@l(KaAl(XyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;h**hy!S E'b&  8P!!S@l(KaAl(XyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &5h**hy!S E'b&  8P!!S@l(7AAl(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &?h**hy!S E'b&  8P!!S@l(7AAl(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xyW"S E'b&  8P!!jW"S@l(BAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0d634a9a-f344-46c1-aeb1-751ea4630aff Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 19fe6433-f686-4920-9e5a-e4034f30e588 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d x**hyq,S E'b&  8P!q,S@l(BAl(t yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &bleh**hyp -S E'b&  8P!p -S@l(BAl(t yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hyF|;S E'b&  8P!F|;S@l(BAl(H yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hy&;S E'b&  8P!&;S@l(BAl(H yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &/h**hyf;S E'b&  8P!f;S@l( BAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &}h**hy۴;S E'b&  8P!۴;S@l( BAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &pUh**xy M9CS E'b&  8P!$>9CS@l(cAl(0yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &c2fh**xy,CS E'b&  8P!!j,CS@l( CAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c49ccd86-3497-4e2b-b00e-c81fee27e65b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 66016ecf-4b0f-451c-80eb-07e35d0ccd6c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hyqCS E'b&  8P!qCS@l(cAl(dyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hyCS E'b&  8P!CS@l(cAl(dyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hy(DS E'b&  8P!(DS@l(3CAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hy0DS E'b&  8P!0DS@l(3CAl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hy66DS E'b&  8P!66DS@l(XdAl(d yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hyEDS E'b&  8P!EDS@l(XdAl(d yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &83bh**hy1\DS E'b&  8P!1\DS@l(CAl(<0yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hyjDS E'b&  8P!jDS@l(CAl(<0yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hypIS E'b&  8P!pIS@l(CAl(D yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &orAh**hyYS E'b&  8P!YS@l(CAl(D yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acAh**hyN&S E'b&  8P!N&S@l(eAl(8 yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**hy,6S E'b&  8P!,6S@l(eAl(8 yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ed h**hyTVS E'b&  8P!TVS@l(CAl(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &bleh**hykS E'b&  8P!kS@l(CAl(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xyfS E'b&  8P!!jfS@l(XDAl(L yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 09d3ee26-4a94-43fb-bf7a-eadbe307f3d1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5a4d5896-e1a5-4a74-8340-55b6b9aaa3bb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. cAx**hy.S E'b&  8P!.S@l(8fAl(4yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**hyXS E'b&  8P!XS@l(8fAl(4yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ed h**hyS E'b&  8P!S@l(DAl(yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &bleh**hzϗS E'b&  8P!ϗS@l(DAl(zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hzT E'b&  8P!T@l(EAl(4zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hzt'T E'b&  8P!t'T@l(EAl(4zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &b h**hz0T E'b&  8P!0T@l($gAl( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hzT E'b&  8P!T@l($gAl( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &i,4h**hzœ$T E'b&  8P!œ$T@l(7EAl(x zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &FCh**hz2T E'b&  8P!2T@l(7EAl(x zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &G\h E'b& E'b&  8PQjtT@l(EAl(x zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ E'b&  8P!1gQ@l(czѹ^U E'b&  8P!ѹ^U@l(DlAl(>zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ammah**h?z8^U E'b&  8P!8^U@l(DlAl(?zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &awayh**h@z]yU E'b&  8P!]yU@l(lAl( (@zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atewh**hAzByU E'b&  8P!ByU@l(lAl( (AzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hBzd`U E'b&  8P!d`U@l(lAl(PBzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah =h**hCzU E'b&  8P!U@l(lAl(PCzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hDz"lU E'b&  8P!"lU@l(LmAl(L DzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hEz}V E'b&  8P!}V@l(LmAl(L EzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hFzW"V E'b&  8P!W"V@l("IAl(` FzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hGz$1V E'b&  8P!$1V@l("IAl(` GzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah   E'b&  8PMijt9V@l(nAl(`HzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @  8P!t'T@l(EAl(4zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &b h**hz0T E'b&  8P!0T@l($gAl( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hzT E'b&  8P!T@l($gAl( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &i,4h**hzœ$T E'b&  8P!œ$T@l(7EAl(x zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &FCh**hz2T E'b&  8P!2T@l(7EAl(x zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &G\h E'b& E'b&  8PQjtT@l(EAl(x zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ E'b&  8P!1gQ@l(csAl( xzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andoh**hyz˧jW E'b&  8P!˧jW@l(>sAl( yzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andoh**hzzjW E'b&  8P!jW@l(?sAl(lzzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andoh**h{zjW E'b&  8P!jW@l(?sAl(l{zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andoh**h|zjW E'b&  8P!jW@l(!PAl(( |zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andoh**h}z[jW E'b&  8P![jW@l(!PAl(( }zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andoh**h~z66kW E'b&  8P!66kW@l(1Z E'b&  8P!U>1Z@l({YAl( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hzJ1Z E'b&  8P!J1Z@l({YAl( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hzsRZ E'b&  8P!sRZ@l(?}Al(H zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz,ORZ E'b&  8P!,ORZ@l(?}Al(H zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hzSZ E'b&  8P!SZ@l(G}Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hzqSZ E'b&  8P!qSZ@l(G}Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xz~;SZ E'b&  8P!!j~;SZ@l(ZAl( pzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 047e369f-ace4-467d-8d5e-ecd92cbdb09b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6b486243-7dd6-4e37-a3e5-6b459d11c192 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. erx**hz֚SZ E'b&  8P!֚SZ@l(}Al(P zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**hzhSZ E'b&  8P!hSZ@l(}Al(P zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**hzFTZ E'b&  8P!FTZ@l(}Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**hz&RTZ E'b&  8P!&RTZ@l(}Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**hz9#kZ E'b&  8P!9#kZ@l([Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hzwZ E'b&  8P!wZ@l([Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**hz[ E'b&  8P![@l(0\Al(|zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**hzL[ E'b&  8P!L[@l(0\Al(|zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**hz[ E'b&  8P![@l(8\Al(tlzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hz-[ E'b&  8P!-[@l(8\Al(tlzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xz`[ E'b&  8P!!j`[@l(~Al(t zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = de773781-615c-4d5a-aebe-f386e2a44d3f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c8310534-52c1-4503-8cff-790c6fe478f5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. erx**hzV[ E'b&  8P!V[@l(\Al(x zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**hzN[ E'b&  8P!N[@l(\Al(x zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**hzZ[ E'b&  8P!Z[@l(<Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**hz5g[ E'b&  8P!5g[@l(<Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**hz-1[ E'b&  8P!-1[@l(YAl( d zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hzA[ E'b&  8P!A[@l(YAl( d zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**hz[ E'b&  8P![@l(vAl( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**hzZ%[ E'b&  8P!Z%[@l(vAl( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**hz[ E'b&  8P![@l(Al( \zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hzE-([ E'b&  8P!E-([@l(Al( \zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz =[ E'b&  8P! =[@l(Al(,X zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hzH[ E'b&  8P!H[@l(Al(,X zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hzj[[ E'b&  8P!j[[@l(Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz3g[ E'b&  8P!3g[@l(Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz${[ E'b&  8P!${[@l(Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz9[ E'b&  8P!9[@l(Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz[ E'b&  8P![@l(]Al(zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz߇[ E'b&  8P!߇[@l(]Al(zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz[ E'b&  8P![@l(Al(\ zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz[ E'b&  8P![@l(Al(\ zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz3[ E'b&  8P!3[@l(]Al(TzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hzM[ E'b&  8P!M[@l(]Al(TzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hzt[ E'b&  8P!t[@l(Al(L<zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz [ E'b&  8P! [@l(Al(L<zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hz [ E'b&  8P! [@l(]Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &axh**hzn) [ E'b&  8P!n) [@l(]Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hP & hElfChnkzm{zm{HS1; F,(~=f?mMFi~&**Xz ; [ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU! ; [@l(Al(zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hzZI [ E'b&  8P!ZI [@l(Al(zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hzIZ [ E'b&  8P!IZ [@l(]Al(0zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hz*f [ E'b&  8P!*f [@l(]Al(0zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hzx [ E'b&  8P!x [@l(Al(zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hz3 [ E'b&  8P!3 [@l(Al(zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hzj [ E'b&  8P!j [@l(Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hzs [ E'b&  8P!s [@l(Al( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**hz [ E'b&  8P! [@l(Al(@PzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**h{ [ E'b&  8P! [@l(Al(@P{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**h{Ú [ E'b&  8P!Ú [@l(]Al({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{ [ E'b&  8P! [@l(]Al({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Meh**h{x [ E'b&  8P!x [@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**h{$ [ E'b&  8P!$ [@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h{$ [ E'b&  8P!$ [@l(]Al(d  {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h{  [ E'b&  8P!  [@l(]Al(d  {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h{e/ [ E'b&  8P!e/ [@l(Al(< {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h{i: [ E'b&  8P!i: [@l(Al(< {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a9ah**h {L [ E'b&  8P!L [@l(]Al((  {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &esxh**h {?jZ [ E'b&  8P!?jZ [@l(]Al((  {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h {l [ E'b&  8P!l [@l(Al(H X {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &or.h**h {x [ E'b&  8P!x [@l(Al(H X {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & &h**h {E [ E'b&  8P!E [@l(]Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & &h**h{ [ E'b&  8P! [@l(]Al({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{; [ E'b&  8P!; [@l(Al(|{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**h{b [ E'b&  8P!b [@l(Al(|{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &enth**h{ɧ [ E'b&  8P!ɧ [@l(]Al({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ileh**h{ [ E'b&  8P! [@l(]Al({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct-h**h{ [ E'b&  8P! [@l(Al(l{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{r [ E'b&  8P!r [@l(Al(l{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Ch**h{E [ E'b&  8P!E [@l(]Al(t {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $_h**h{ [ E'b&  8P! [@l(]Al(t {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h{~# [ E'b&  8P!~# [@l(Al(8( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Rh**h{0 [ E'b&  8P!0 [@l(Al(8( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{$TB [ E'b&  8P!$TB [@l(]Al(,{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{O [ E'b&  8P!O [@l(]Al(,{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{b [ E'b&  8P!b [@l(]Al( H{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{6n [ E'b&  8P!6n [@l(]Al( H{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{ [ E'b&  8P! [@l(^Al(4{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{[ [ E'b&  8P![ [@l(^Al(4{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{x [ E'b&  8P!x [@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h {9ǹ [ E'b&  8P!9ǹ [@l(Al(  {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**h!{ [ E'b&  8P! [@l(^Al( `!{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**h"{` [ E'b&  8P!` [@l(^Al( `"{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**h#{rZ [ E'b&  8P!rZ [@l(]Al(@ #{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h${?_f [ E'b&  8P!?_f [@l(]Al(@ ${Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h%{! [ E'b&  8P!! [@l(`Al(P%{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**h&{Qh [ E'b&  8P!Qh [@l(`Al(P&{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**h'{, [ E'b&  8P!, [@l(nAl('{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h({j [ E'b&  8P!j [@l(nAl(({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**h){I%[ E'b&  8P!I%[@l(zAl( ){Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h*{mD3[ E'b&  8P!mD3[@l(zAl( *{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYh**h+{}E[ E'b&  8P!}E[@l(|Al( +{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h,{Q[ E'b&  8P!Q[@l(|Al( ,{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h-{je[ E'b&  8P!je[@l(Al($ 8-{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h.{r[ E'b&  8P!r[@l(Al($ 8.{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h/{[ E'b&  8P![@l(Al(,/{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h0{ۛ[ E'b&  8P!ۛ[@l(Al(,0{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h1{![ E'b&  8P!![@l(Al( 1{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h2{x[ E'b&  8P!x[@l(Al( 2{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h3{I[ E'b&  8P!I[@l(Al(3{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= 'h**h4{4[ E'b&  8P!4[@l(Al(4{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &erfh**h5{)[ E'b&  8P!)[@l(Al($ 5{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r -h**h6{<8[ E'b&  8P!<8[@l(Al($ 6{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &0-0h**h7{L[ E'b&  8P!L[@l(^Al( d 7{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h8{.[[ E'b&  8P!.[[@l(^Al( d 8{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h9{qv[ E'b&  8P!qv[@l(^Al(p 9{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &apth**h:{7[ E'b&  8P!7[@l(^Al(p :{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h;{-[ E'b&  8P!-[@l(Al( ;{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h<{[ E'b&  8P![@l(Al( <{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Errh**h={|[ E'b&  8P!|[@l(^Al(p ={Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s-Ph**h>{[ E'b&  8P![@l(^Al(p >{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s-Ph**h?{[ E'b&  8P![@l(^Al(\ ?{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s-Ph**h@{[ E'b&  8P![@l(^Al(\ @{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s-Ph**hA{=[ E'b&  8P!=[@l(^Al(A{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s-Ph**hB{MK[ E'b&  8P!MK[@l(^Al(B{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s-Ph**hC{[ E'b&  8P![@l(Al(C{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s-Ph**hD{^p[ E'b&  8P!^p[@l(Al(D{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hE{[ E'b&  8P![@l(^Al(t E{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etRh**hF{[ E'b&  8P![@l(^Al(t F{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etAh**hG{X[ E'b&  8P!X[@l(6_Al(G{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sih**hH{\([ E'b&  8P!\([@l(6_Al(H{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s h**hI{Hj[ E'b&  8P!Hj[@l(9_Al(X I{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**hJ{`y[ E'b&  8P!`y[@l(9_Al(X J{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$_.h**@K{@[ E'b&  8P!j@[@l(JAl(X K{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational i~p;)(A?~oData= ContextInfo A'~=UserData A%~=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 74ca6400-07f0-4784-b725-27b07c1a34c4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 566e5089-67a8-4eb6-a842-44a328be4b5e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hL{[ E'b&  8P![@l(_Al(@L{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &pteh**hM{(([ E'b&  8P!(([@l(_Al(@M{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hN{j}׮[ E'b&  8P!j}׮[@l(_Al( TN{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-Clh**hO{g![ E'b&  8P!g![@l(_Al( TO{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &bjeh**P{[ E'b&  8P]!j[@l(`Al( P{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational i~@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2f1dafc1-45f0-454c-984e-f25c77dc5443 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-tkaifvya.xt1.ps1 Engine Version = 4.0 Runspace ID = da19befb-c753-4048-928e-4c6c5be5f48e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. l(,**hQ{hg[ E'b&  8P!hg[@l(Al(Q{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hR{[ E'b&  8P![@l(Al(R{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xS{ [ E'b&  8P!!j [@l(`Al(p S{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational i~@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8c1622d0-3f4c-49d9-8ce4-0c8fca358583 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f9968361-edbe-40dd-bdf4-907a8855fe06 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ngx**hT{{[ E'b&  8P!{[@l(`Al(,T{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**hU{Xxȯ[ E'b&  8P!Xxȯ[@l(`Al(,U{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etRh**hV{癱[ E'b&  8P!癱[@l(Al( 4V{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hW{K5[ E'b&  8P!K5[@l(Al( 4W{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &apth**hX{sDű[ E'b&  8P!sDű[@l(Al( X{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &# sh**hY{xӱ[ E'b&  8P!xӱ[@l(Al( Y{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**xZ{L[ E'b&  8P!!jL[@l(Al(Z{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational i~@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e2949efc-afae-4819-9ed2-59f733c97f07 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a951e566-6893-49fd-9369-b0e2f7f92e51 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h[{! [ E'b&  8P!! [@l(aAl(<X[{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h\{o[ E'b&  8P!o[@l(aAl(<X\{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h]{r[ E'b&  8P!r[@l(˃Al(]{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^{^[ E'b&  8P!^[@l(˃Al(^{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ingh**h_{Z-[ E'b&  8P!Z-[@l(aAl(Xd_{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**h`{:[ E'b&  8P!:[@l(aAl(Xd`{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etRh**xa{[ E'b&  8P!!j[@l(aAl(XLa{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational i~@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2eb23565-5fb4-4cca-8386-df17652a9cb1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a3670274-0548-4ae6-88e2-809a4a653d17 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hb{4[ E'b&  8P!4[@l(aAl(( b{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc{Ό[ E'b&  8P!Ό[@l(aAl(( c{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd{km[ E'b&  8P!km[@l(sAl(l d{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**he{e[ E'b&  8P!e[@l(RbAl(X<e{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hf{[ E'b&  8P![@l(sAl(l f{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hg{[ E'b&  8P![@l(RbAl(X<g{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hh{,:[ E'b&  8P!,:[@l(wbAl(L h{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hi{f[ E'b&  8P!>f[@l(Al(Xp{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hq{:[ E'b&  8P!:[@l(Al(Xq{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hr{[ E'b&  8P![@l(Al(l r{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hs{[ E'b&  8P![@l(Al(l s{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**ht{1@ [ E'b&  8P!1@ [@l(cAl( Xt{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hu{}[ E'b&  8P!}[@l(cAl( Xu{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hv{gE[ E'b&  8P!gE[@l(cAl( Pv{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hw{_S[ E'b&  8P!_S[@l(cAl( Pw{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hx{%m\ E'b&  8P!%m\@l(%dAl(,x{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hy{Wm\ E'b&  8P!Wm\@l(%dAl(,y{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hz{D\ E'b&  8P!D\@l(dAl( z{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{{!\ E'b&  8P!!\@l(dAl( {{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h|{A\ E'b&  8P!A\@l(Al(4|{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h}{O\ E'b&  8P!O\@l(Al(4}{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**x~{~f߅\ E'b&  8P!!j~f߅\@l(xeAl(8~{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5b7dddf2-4e08-4caa-bc16-40766deaef45 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d87bdc4a-37b9-4dd7-8e9c-6022ecb6f47a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h{\ E'b&  8P!\@l(Al(H {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{| \ E'b&  8P!| \@l(Al(H {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{u\ E'b&  8P!u\@l(7Al(`{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{뒆\ E'b&  8P!뒆\@l(7Al(`{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{h! ] E'b&  8P!h! ]@l(zfAl({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{ ] E'b&  8P! ]@l(zfAl({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{7] E'b&  8P!7]@l( Al( P{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{@7] E'b&  8P!@7]@l( Al( P{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{9;8] E'b&  8P!9;8]@l(Al(` {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{$8] E'b&  8P!$8]@l(Al(` {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x{퀷8] E'b&  8P!!j퀷8]@l(gAl(` {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1efcde6c-e93c-4b0e-98cc-7165c2a37616 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = dc5063af-4beb-4747-a279-18cab0cd299e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @x**h{\8] E'b&  8P!\8]@l(xAl(H {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{H8] E'b&  8P!H8]@l(xAl(H {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{[9] E'b&  8P![9]@l(gAl(\ {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{j9] E'b&  8P!j9]@l(gAl(\ {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{a] E'b&  8P!a]@l(Al(x {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{T] E'b&  8P!T]@l(Al(x {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{q] E'b&  8P!q]@l(Al(\ {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{ ~] E'b&  8P! ~]@l(Al(\ {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{M] E'b&  8P!M]@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{]] E'b&  8P!]]@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{+] E'b&  8P!+]@l(Al(( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**h{] E'b&  8P!]@l(Al(( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &;@h**x{5] E'b&  8P!!j5]@l(.Al({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e26fb716-3d1b-482e-8cae-00184dc3a142 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f77e5393-fdb2-409a-91b3-473adaef0653 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h{-e] E'b&  8P!-e]@l(2Al(H{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{2v] E'b&  8P!2v]@l(2Al(H{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{] E'b&  8P!]@l(9iAl(H{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &outh**h{8] E'b&  8P!8]@l(:iAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &daph**h{U] E'b&  8P!U]@l(9iAl(H{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &lenh**h{Yn] E'b&  8P!Yn]@l(:iAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{e ] E'b&  8P!e ]@l(Al( P {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{] E'b&  8P!]@l(Al( P {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Defh**x{] E'b&  8P!!j]@l(iAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7b2dd1ea-e683-4c4a-bb33-2aecfc217b6c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 65759a74-03e1-4bb0-a1d0-1a851c375d0d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h{i,] E'b&  8P!i,]@l(iAl(H{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &hgh**h{{] E'b&  8P!{]@l(iAl(H{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{8S] E'b&  8P!8S]@l(iAl(t{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{L] E'b&  8P!L]@l(iAl(t{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Seh**x{T`] E'b&  8P!!jT`]@l(ڋAl({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4807320b-8d1c-4043-b894-6e964f651a93 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8d0be5d3-221b-49fb-a5ba-b899a657f1a2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. xȯx**h{}] E'b&  8P!}]@l(ۋAl($ {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &癱h**h{b] E'b&  8P!b]@l(ۋAl($ {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &K5h**h{] E'b&  8P!]@l(jAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sDűh**h{(] E'b&  8P!(]@l(jAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &xӱh**h{T] E'b&  8P!T]@l(@Al(p8 {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Lh**h{i{] E'b&  8P!i{]@l(@Al(p8 {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Seh**h{#] E'b&  8P!#]@l(vjAl( p{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-Noh**h{] E'b&  8P!]@l(vjAl( p{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $rh**h{dB^ E'b&  8P!dB^@l( Al(X\ {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{m^ E'b&  8P!m^@l( Al(X\ {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{^ E'b&  8P!^@l(jAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tchh**h{^ E'b&  8P!^@l(jAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**h{ ^ E'b&  8P! ^@l(Al(D{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eleh**h{C/^ E'b&  8P!C/^@l(Al(D{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Seh**x{LƋ^ E'b&  8P!!jLƋ^@l(kAl(D {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 08059a75-dcd3-412d-aca4-d0d7676ef811 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 94c626b3-94b6-4b22-9ba1-fe78a60827a1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $rx**h{l^ E'b&  8P!l^@l(kAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{n^ E'b&  8P!n^@l(kAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{n^ E'b&  8P!n^@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tchh**h{!}^ E'b&  8P!!}^@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**h{^ E'b&  8P!^@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eleh**h{u!^ E'b&  8P!u!^@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Seh**h{ 9_ E'b&  8P! 9_@l(ڎAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &027h**h{N&9_ E'b&  8P!N&9_@l(ڎAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r =h**h{=_ E'b&  8P!=_@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{L=_ E'b&  8P!L=_@l(Al( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{*~=_ E'b&  8P!*~=_@l(Al(<H {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{O=_ E'b&  8P!O=_@l(Al(<H {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x{H>_ E'b&  8P!!jH>_@l(gmAl(<({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 288b6ef6-b36d-400c-a9a7-c967ed059278 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 58c785a8-653e-450e-9e51-cbdaf4fb8505 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ctx**h{`>_ E'b&  8P!`>_@l(hmAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eleh**h{*>_ E'b&  8P!*>_@l(hmAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Seh**h{8?_ E'b&  8P!8?_@l(׏Al(p {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &921h**h{05G?_ E'b&  8P!05G?_@l(׏Al(p {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r =h**h{x_ E'b&  8P!x_@l(nAl(@{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{l_ E'b&  8P!l_@l(nAl(@{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{h_ E'b&  8P!h_@l(nAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &hG[@l(5Al( E'b&  8P;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helhOperational &a8hP & hElfChnk{|{|`A-Ŷ~F3(=f?mMFQ&**X{_ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!_@l(nAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h{T_ E'b&  8P!T_@l(lAl(\{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{V__ E'b&  8P!V__@l(lAl(\{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**h{:_ E'b&  8P!:_@l(nAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**h{]_ E'b&  8P!]_@l(nAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Rh**@{*_ E'b&  8P!j*_@l(:oAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Qp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 950f643f-2945-494d-bcde-79392bbf13d2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ded34b7c-6166-431f-958a-1da7b6e47dd9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h{HY_ E'b&  8P!HY_@l(;oAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{hQg_ E'b&  8P!hQg_@l(;oAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{8E_ E'b&  8P!8E_@l(KAl({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{ⓕ_ E'b&  8P!ⓕ_@l(KAl({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{Ƕ_ E'b&  8P!Ƕ_@l(oAl(P {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h{_ E'b&  8P!_@l(oAl(P {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**x{6_ E'b&  8P!!j6_@l(Al(P{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c03a69bc-8d29-461f-a231-7b91038a047e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d9f1b54a-70ff-431b-b541-4e29a24f935f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h{oR_ E'b&  8P!oR_@l(oAl(Ld {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h{;a_ E'b&  8P!;a_@l(oAl(Ld {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h{6_ E'b&  8P!6_@l(XpAl(|{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h{W_ E'b&  8P!W_@l(XpAl(|{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{9_ E'b&  8P!9_@l(uAl(4{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{2J_ E'b&  8P!2J_@l(uAl(4{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x{_ E'b&  8P!!j_@l(jAl(4({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cf8ffdc3-731f-4f18-96fb-2f4520acfcd3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 443a35eb-843a-4f7c-b3fc-cd8178a0a026 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h{½_ E'b&  8P!½_@l(_pAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h{%_ E'b&  8P!%_@l(_pAl( {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h{Y_ E'b&  8P!Y_@l(epAl(h{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h{" _ E'b&  8P!" _@l(epAl(h{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**x{_ E'b&  8P!!j_@l(;Al(h {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d868f749-5b4f-4449-8a8c-c0e9dbc4afab Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0adca7c0-7f00-4a61-809f-b6464b481122 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Al(L |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**h|m;b E'b&  8P!m;b@l(>Al(L |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**h | ab E'b&  8P! ab@l(wAl(T |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Rh**h!|7ɽb E'b&  8P!7ɽb@l(wAl(T!|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r =h**h"|IOb E'b&  8P!IOb@l(wAl(X "|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &resh**h#|]b E'b&  8P!]b@l(wAl(X #|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & }h**@$|eb E'b&  8P!jeb@l(Al(X t$|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )p;)(A?\oData= ContextInfo A'\=UserData A%\=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b410bdf9-3611-475a-8f16-7ebedb6c4966 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 90235d3e-f278-4f0f-b125-549ef753d085 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h%|b E'b&  8P!b@l(Al(`%|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h&|b E'b&  8P!b@l(Al(`&|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h'|2b E'b&  8P!2b@l(xAl(H'|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h(|j>b E'b&  8P!j>b@l(xAl(H(|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h)|)uic E'b&  8P!)uic@l(&xAl( L)|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h*|yjc E'b&  8P!yjc@l(&xAl( L*|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h+|pc E'b&  8P!pc@l(Al(P+|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h,|^pc E'b&  8P!^pc@l(Al(P,|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h-|I~pc E'b&  8P!I~pc@l(Al( -|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h.|1jpc E'b&  8P!1jpc@l(Al( .|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**x/|Zqc E'b&  8P!!jZqc@l(xAl( /|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 17d31bdb-ca1c-429f-beaa-20bc6e3e61e6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = aeec0c04-7189-4fcb-a2e9-f503d8eaa0e2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h0|hyqc E'b&  8P!hyqc@l(#Al(H 0|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h1|Iqc E'b&  8P!Iqc@l(#Al(H 1|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h2|qfqc E'b&  8P!qfqc@l((yAl(2|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h3| rc E'b&  8P! rc@l((yAl(3|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h4|d E'b&  8P!d@l(Al(h 4|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h5|d E'b&  8P!d@l(Al(h 5|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h6|d E'b&  8P!d@l(CyAl(L 6|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h7|[d E'b&  8P![d@l(CyAl(L 7|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h8|¹d E'b&  8P!¹d@l(yAl(xp8|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h9|tvd E'b&  8P!tvd@l(yAl(xp9|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h:|>d E'b&  8P!>d@l(yAl( ( :|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h;|d E'b&  8P!d@l(yAl( ( ;|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**x<||i d E'b&  8P!!j|i d@l(?Al( <|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cbb59b64-d46d-4e5f-8d26-ed5b716da25d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = eefb83ef-141f-448b-b71c-d25b15381974 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**h=| ˖ d E'b&  8P! ˖ d@l(CAl(=|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h>|[D d E'b&  8P![D d@l(CAl(>|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h?|3T#d E'b&  8P!3T#d@l(Al(` ?|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h@|4|e#d E'b&  8P!4|e#d@l(Al(` @|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hA|#d E'b&  8P!#d@l(9zAl(d T A|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hB|W#d E'b&  8P!W#d@l(9zAl(d T B|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hC|-#d E'b&  8P!-#d@l(dzAl(C|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hD|Y#d E'b&  8P!Y#d@l(dzAl(D|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hE|#$d E'b&  8P!#$d@l(Al(DE|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hF|s2$d E'b&  8P!s2$d@l(Al(DF|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xG|\$d E'b&  8P!!j\$d@l(FAl(G|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 79080e3c-5e63-4cac-81c4-1ffb7c7b60a0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f08a0840-283d-4376-9461-7f3fe2cfdb7a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Adx**hH|$d E'b&  8P!$d@l(#{Al( H|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hI|$$d E'b&  8P!$$d@l(#{Al( I|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hJ|$d E'b&  8P!$d@l(OAl( J|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hK| %d E'b&  8P! %d@l(OAl( K|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xL|-k}%d E'b&  8P!!j-k}%d@l(4Al( L|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 739e5c3e-9af7-4da4-b3d9-83055c9add05 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6ff9f12d-10d6-4abf-8d00-4073a9cda8a5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hM|ܙ%d E'b&  8P!ܙ%d@l(?{Al(( T M|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hN|ǥ%d E'b&  8P!ǥ%d@l(?{Al(( T N|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hO|%d E'b&  8P!%d@l(5Al((O|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hP|}%d E'b&  8P!}%d@l(5Al((P|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hQ|V%d E'b&  8P!V%d@l({Al(@ Q|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hR|%d E'b&  8P!%d@l({Al(@ R|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hS| &d E'b&  8P! &d@l(zAl(8S|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hT|w*&d E'b&  8P!w*&d@l(zAl(8T|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hU|ld E'b&  8P!ld@l(4Al($U|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hV|>ӧd E'b&  8P!>ӧd@l(4Al($V|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hW|God E'b&  8P!God@l(zAl(W|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX|d E'b&  8P!d@l(zAl(X|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hY|63d E'b&  8P!63d@l(Q|Al(dY|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hZ|fAd E'b&  8P!fAd@l(Q|Al(dZ|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x[|d E'b&  8P!!jd@l(|Al(d[|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3ba4f4be-182f-453e-9a6b-8296cbc63bab Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c9877e0d-2087-41a4-b7bc-5b36cb7c07e6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h\|dd E'b&  8P!dd@l(Al( \|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h]|d E'b&  8P!d@l(Al( ]|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h^|ld E'b&  8P!ld@l(3}Al(, ^|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h_|xd E'b&  8P!xd@l(3}Al(, _|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h`|x7ge E'b&  8P!x7ge@l(#Al(X`|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**ha|{e E'b&  8P!{e@l(#Al(Xa|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hb|ωe E'b&  8P!ωe@l(zAl(@@ b|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hc|De E'b&  8P!De@l(zAl(@@ c|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hd|e E'b&  8P!e@l(}Al(48 d|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**he|=e E'b&  8P!=e@l(}Al(48 e|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xf|e E'b&  8P!!je@l(QAl(4pf|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a1da2943-22c4-42bf-803b-731bb9648201 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8a96a025-c8ba-45ea-bea3-c06d67c119d5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Adx**hg|e E'b&  8P!e@l(RAl(Pg|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hh|罊e E'b&  8P!罊e@l(RAl(Ph|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hi|2e E'b&  8P!2e@l(~Al( i|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hj|Ae E'b&  8P!Ae@l(~Al( j|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hk|c].f E'b&  8P!c].f@l(Al( k|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hl|΄o.f E'b&  8P!΄o.f@l(Al( l|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hm|85f E'b&  8P!85f@l(~Al(L m|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hn|35f E'b&  8P!35f@l(~Al(L n|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**ho|zq7f E'b&  8P!zq7f@l(Al(,o|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &icyh**hp|7f E'b&  8P!7f@l(Al(,p|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ix h**hq|Й7f E'b&  8P!Й7f@l(Al(( q|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hr|7f E'b&  8P!7f@l(Al(( r|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrhs -and $adap E'b&  8P jteh8f@l(l E'b&  8P!!j >l@l(Al(\ -}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 76c9ed0d-eafc-4149-a863-e04982e7cf9f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5a82e842-7195-409f-a322-16324e579104 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h.}l E'b&  8P!l@l(Al(\ .}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h/}-#l E'b&  8P!-#l@l(Al(\ /}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h0}l E'b&  8P!l@l(kAl(0}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h1}BPl E'b&  8P!BPl@l(kAl(1}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h2} l E'b&  8P! l@l(0Al( 2}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h3}l E'b&  8P!l@l(0Al( 3}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anh**x4}jl E'b&  8P!!jjl@l(ŕAl(` 4}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8fb1114a-cd09-4079-bc36-f760f6082fd9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d7ac0e8c-e2a8-49e8-a4b6-b7a6755e14e9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. }حl E'b&  8P!حl@l(wAl( >}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**h?}Al E'b&  8P!Al@l(wAl( ?}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**h@}l E'b&  8P!l@l(Al( 8@}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hA}kl E'b&  8P!kl@l(Al( 8A}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hB}Z1m E'b&  8P!Z1m@l(Al(P( B}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hC}{h1m E'b&  8P!{h1m@l(Al(P( C}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hD}^m E'b&  8P!^m@l(hAl( D}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hE}d$_m E'b&  8P!d$_m@l(hAl( E}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hF}"_m E'b&  8P!"_m@l(oAl((F}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hG}1_m E'b&  8P!1_m@l(oAl((G}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anh**xH}8Զ_m E'b&  8P!!j8Զ_m@l([Al((H}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e7b581d0-da5c-4ed9-be90-21e7cf8d50a7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c3ed9c3c-0e67-40a5-8df0-ba5cd74d7746 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 6-x**hI}%_m E'b&  8P!%_m@l(_Al(4I}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hJ}h_m E'b&  8P!h_m@l(_Al(4J}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hK}\`m E'b&  8P!\`m@l(Al( tK}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hL}g`m E'b&  8P!g`m@l(Al( tL}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hM}+m E'b&  8P!+m@l(Al(,M}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hN}2LBm E'b&  8P!2LBm@l(Al(,N}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hO} n E'b&  8P! n@l(:Al( O}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hP}n E'b&  8P!n@l(:Al( P}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hQ}n E'b&  8P!n@l(BAl(Q}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hR}n E'b&  8P!n@l(BAl(R}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anh**xS}hn E'b&  8P!!jhn@l(Al( S}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 720b8192-d402-4407-b378-a08edd6f0be4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3b6e48c9-3e1e-44fa-8f8b-4d51d49f6e91 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hT}]n E'b&  8P!]n@l(bAl( T}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hU}Mn E'b&  8P!Mn@l(bAl( U}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hV}!cn E'b&  8P!!cn@l(Al(V}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hW}\vn E'b&  8P!\vn@l(Al(W}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (h**hX}n E'b&  8P!n@l(Al(8X}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hY} n E'b&  8P! n@l(Al(8Y}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hZ}y0n E'b&  8P!y0n@l(Al(( Z}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h[}n E'b&  8P!n@l(Al(( [}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h\}an E'b&  8P!an@l(Al(\}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h]}n E'b&  8P!n@l(Al(]}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**x^}dJn E'b&  8P!!jdJn@l(lAl( ^}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6d5cd1a6-6c88-4c2b-8152-4ed2ffacbdbe Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c8738b94-eaff-4534-a8c3-8c312a1dff6f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h_}vn E'b&  8P!vn@l(mAl(,_}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h`}j˚n E'b&  8P!j˚n@l(mAl(,`}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**ha}n E'b&  8P!n@l(Al(@a}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hb}F/n E'b&  8P!F/n@l(Al(@b}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hc} on E'b&  8P! on@l(Al(H  c}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hd}ςn E'b&  8P!ςn@l(Al(H  d}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**xe}An E'b&  8P!!jAn@l(6Al(H < e}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e61a9722-1521-4625-b666-1828913ee6c8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = da9e6f9a-6059-4d1a-9747-aca2800660fe Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n E'b&  8P!>n@l(Al(< o}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hp}Mn E'b&  8P!Mn@l(Al(< p}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hq};pn E'b&  8P!;pn@l(Al(P q}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hr}'|n E'b&  8P!'|n@l(Al(P r}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hs})Io E'b&  8P!)Io@l(Al(Xs}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**ht}Io E'b&  8P!Io@l(Al(Xt}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hu}Nao E'b&  8P!Nao@l()Al(h u}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**hv}V_ao E'b&  8P!V_ao@l()Al(h v}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**hw}ao E'b&  8P!ao@l(3Al(< p w}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Rh**hx}Սao E'b&  8P!Սao@l(3Al(< p x}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r =h**@y}T#bo E'b&  8P!jT#bo@l( Al(< @y}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )p;)(A?\oData= ContextInfo A'\=UserData A%\=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 67b09081-5b07-450b-b43e-92b8160ff590 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 25a38869-ca74-4f6d-8432-2247b50815a1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hz}x?bo E'b&  8P!x?bo@l(+Al( z}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h{}Mbo E'b&  8P!Mbo@l(+Al( {}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h|}wbo E'b&  8P!wbo@l(eAl(l |}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h}}`bo E'b&  8P!`bo@l(eAl(l }}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h~} o E'b&  8P! o@l(͝Al(T ~}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h}o E'b&  8P!o@l(͝Al(T }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h}ӳp E'b&  8P!ӳp@l(kAl(}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h}.$)p E'b&  8P!.$)p@l(kAl(}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h}Jp E'b&  8P!Jp@l(ZAl(` h}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h}RXp E'b&  8P!RXp@l(ZAl(` h}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**x}wp E'b&  8P!!jwp@l(;Al(` }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 803bd73f-afd9-4c81-94da-897f714dca65 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cba46a70-00ad-479c-a02f-f9654d89bce9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h}p E'b&  8P!p@l(Al(L }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h}5p E'b&  8P!5p@l(Al(L }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h}[p E'b&  8P![p@l(Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h}lp E'b&  8P!lp@l(Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h}p E'b&  8P!p@l(9Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h}p E'b&  8P!p@l(9Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h}ip E'b&  8P!ip@l(4Al(P}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h}wp E'b&  8P!wp@l(4Al(P}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h}cp E'b&  8P!cp@l(sAl(` <}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h}p E'b&  8P!p@l(sAl(` <}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h}p E'b&  8P!p@l(Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h}Vp E'b&  8P!Vp@l(Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x}56p E'b&  8P!!j56p@l(Al( 8}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5d4ff5cb-8833-414d-99a3-8a6ffa128de3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3934a24d-409e-4154-a0b3-1d8af871787e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Adx**h}j_Dzp E'b&  8P!j_Dzp@l(Al(8 }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h}jղp E'b&  8P!jղp@l(Al(8 }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h}7p E'b&  8P!7p@l(#Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h}[p E'b&  8P![p@l(#Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h}e!p E'b&  8P!e!p@l($Al(p }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h}"-p E'b&  8P!"-p@l($Al(p }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x}V̨p E'b&  8P!!jV̨p@l(IAl(px}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a6631b42-5f3d-4375-b084-98784314a3f6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = caced40e-23f3-4164-8328-935e77ae0d56 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h}p E'b&  8P!p@l(JAl(( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h}1p E'b&  8P!1p@l(JAl(( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h}p E'b&  8P!p@l(Al(` }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h}p E'b&  8P!p@l(Al(` }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**x}麈p E'b&  8P!!j麈p@l(Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational )@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0cc01fbb-d89c-4617-b189-6dfeaaab19f8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a9867af3-d263-48a9-be70-daf32949968f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**h}Φp E'b&  8P!Φp@l(Al(}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h}?p E'b&  8P!?p@l(Al(}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h}u}p E'b&  8P!u}p@l(Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h}rp E'b&  8P!rp@l(Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h}p E'b&  8P!p@l(4Al(| }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anh**h}qp E'b&  8P!qp@l(4Al(| }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h}9u;bq E'b&  8P!9u;bq@l(Al(}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h}Gbq E'b&  8P!Gbq@l(Al(}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h}xq E'b&  8P!xq@l(Al(@ }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h}y yq E'b&  8P!y yq@l(Al(@ }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h}+yq E'b&  8P!+yq@l(Al( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h}H]Al(4 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h ~at E'b&  8P!at@l(>Al(4 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h ~t E'b&  8P!t@l(Al(p ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aingh**h ~Pit E'b&  8P!Pit@l(Al(p ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anteh**h ~+t E'b&  8P!+t@l(Al(8 0 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetRh**h~nt E'b&  8P!nt@l(Al(8 0~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arouh**h~u E'b&  8P!u@l( Al(L<~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aapth**h~.u E'b&  8P!.u@l( Al(L<~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a# sh**h~r`Оu E'b&  8P!r`Оu@l(Al(p~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h~ޞu E'b&  8P!ޞu@l(Al(p~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**h~u E'b&  8P!u@l(Al(`~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**h~ u E'b&  8P! u@l(Al(`~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8d7h**x~u E'b&  8P!!ju@l(VAl(` ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c563eef4-c921-42e7-b23c-257f33909ca8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 78d972ca-76ed-4254-aef0-f70deacdfbff Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h~zݣu E'b&  8P!zݣu@l(ZAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h~ʯu E'b&  8P!ʯu@l(ZAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h~W"u E'b&  8P!W"u@l(dAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah&a8hP & hElfChnk~o~~o~(`;m(s(T=f?mMF!&**X~0u E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!0u@l(dAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h~!Ev E'b&  8P!!Ev@l(nAl( P~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h~`Ev E'b&  8P!`Ev@l(nAl( P~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h~eQv E'b&  8P!eQv@l(Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**h~jիQv E'b&  8P!jիQv@l(Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h~{Qv E'b&  8P!{Qv@l(Al( @ ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**h~=Qv E'b&  8P!=Qv@l(Al( @ ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**@ ~m_VRv E'b&  8P!jm_VRv@l(گAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !p;)(A?ToData= ContextInfo A'T=UserData A%T=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dbd776b4-ce34-415b-8318-815d0f2a1e43 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0ef6f541-ed5a-4ef3-81ca-7ca298435437 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h!~œsRv E'b&  8P!œsRv@l(ۯAl(L$!~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h"~Rv E'b&  8P!Rv@l(ۯAl(L$"~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h#~Rv E'b&  8P!Rv@l(iAl(<#~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h$~QSv E'b&  8P!QSv@l(iAl(<$~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h%~acv E'b&  8P!acv@l(Al(Xh %~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h&~Grcv E'b&  8P!Grcv@l(Al(Xh &~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h'~:v E'b&  8P!:v@l(Al( '~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h(~6v E'b&  8P!6v@l(Al( (~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h)~xv E'b&  8P!xv@l(Al(h )~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h*~v E'b&  8P!v@l(Al(h *~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h+~Wv E'b&  8P!Wv@l(Al( , +~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h,~wǯv E'b&  8P!wǯv@l(Al( , ,~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h-~v E'b&  8P!v@l(Al(|-~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h.~$v E'b&  8P!$v@l(Al(|.~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x/~ v E'b&  8P!!j v@l(Al( /~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d29f7ceb-ecef-4437-9795-92996700ce0d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 71d8e291-6970-434b-af01-dfbbe9094e37 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**h0~v E'b&  8P!v@l(oAl( 0~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h1~/v E'b&  8P!/v@l(oAl( 1~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h2~pIw E'b&  8P!pIw@l(Al( 2~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h3~WQw E'b&  8P!WQw@l(Al(\ 3~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h4~͵Yw E'b&  8P!͵Yw@l(Al( 4~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h5~^w E'b&  8P!^w@l(Al(\ 5~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h6~Iw E'b&  8P!Iw@l(Al(6~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h7~Ğw E'b&  8P!Ğw@l(Al(7~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x8~7Mw E'b&  8P!!j7Mw@l(Al( 8~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9823b501-a7bd-4224-a076-20060ee8ceda Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6a9d9cce-9f2c-4187-a925-1adcebeb4231 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h9~ Bw E'b&  8P! Bw@l(Al(`p9~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h:~t9Qw E'b&  8P!t9Qw@l(Al(`p:~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h;~Rrw E'b&  8P!Rrw@l(IAl(@;~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h<~w E'b&  8P!w@l(IAl(@<~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**x=~w E'b&  8P!!jw@l(Al(=~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ebfaf290-fca7-4414-8324-5d0d44b9acd9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e438df08-aea4-4c80-9b34-436f7ff8db61 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**h>~w E'b&  8P!w@l(Al(T>~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h?~w E'b&  8P!w@l(Al(T?~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h@~"w E'b&  8P!"w@l(Al(P@~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hA~3w E'b&  8P!3w@l(Al(PA~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hB~.Kw E'b&  8P!.Kw@l(0Al( d B~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hC~1Yw E'b&  8P!1Yw@l(0Al( d C~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hD~yw E'b&  8P!yw@l(Al( 8D~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hE~Kw E'b&  8P!Kw@l(Al( 8E~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hF~)͐w E'b&  8P!)͐w@l(Al( F~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hG~Y柫w E'b&  8P!Y柫w@l(Al( G~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hH~6gw E'b&  8P!6gw@l(Al( H~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hI~7Wzw E'b&  8P!7Wzw@l(Al( I~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hJ~؜w E'b&  8P!؜w@l(Al(,J~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hK~␭w E'b&  8P!␭w@l(Al(,K~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xL~a5w E'b&  8P!!ja5w@l(Al( L~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0cf84de1-0ff9-4961-af1d-ccd9fb0b2668 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 51aa56f8-b058-4e8c-8123-9153beb86f6a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hM~Rw E'b&  8P!Rw@l(Al(8 M~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hN~v^w E'b&  8P!v^w@l(Al(8 N~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hO~ҵw E'b&  8P!ҵw@l(Al(T<O~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hP~w E'b&  8P!w@l(Al(T<P~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hQ~_^x E'b&  8P!_^x@l(Al(`Q~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hR~k^x E'b&  8P!k^x@l(Al(`R~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hS~28gx E'b&  8P!28gx@l(`Al(@ S~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hT~-Fgx E'b&  8P!-Fgx@l(`Al(@ T~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hU~Khgx E'b&  8P!Khgx@l(bAl(U~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hV~dGwgx E'b&  8P!dGwgx@l(bAl(V~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xW~Y hx E'b&  8P!!jY hx@l(Al( W~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 752a4bf7-c4be-41c4-8a0b-1d2700d24eff Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 891f06c3-cb0f-4d8d-9d18-3263588c11e0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hX~v!hx E'b&  8P!v!hx@l(Al( X~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hY~].hx E'b&  8P!].hx@l(Al( Y~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hZ~k hx E'b&  8P!k hx@l(Al( Z~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h[~\hx E'b&  8P!\hx@l(Al( [~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h\~ F y E'b&  8P! F y@l(Al( \~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h]~83U y E'b&  8P!83U y@l(Al( ]~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h^~=Q0y E'b&  8P!=Q0y@l(Al(X`^~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h_~ӟ>y E'b&  8P!ӟ>y@l(Al(X`_~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h`~3y E'b&  8P!3y@l(Al(<`~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**ha~ny E'b&  8P!ny@l(Al(<a~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**hb~y E'b&  8P!y@l(oAl(b~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &icyh**hc~^5!y E'b&  8P!^5!y@l(oAl(c~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ix h**xd~c~y E'b&  8P!!jc~y@l(Al(d~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 26fc69a3-f82d-4ce8-bffb-68a266138cb2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 66658846-119a-4903-a1b6-adb1e9d51eb9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**he~y E'b&  8P!y@l(qAl( e~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hf~:y E'b&  8P!:y@l(qAl( f~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hg~ Niy E'b&  8P! Niy@l(Al(\8g~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hh~vy E'b&  8P!vy@l(Al(\8h~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hi~=&y E'b&  8P!=&y@l(Al(H di~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hj~hy E'b&  8P!hy@l(Al(H dj~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xk~v )y E'b&  8P!!jv )y@l(Al(H k~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9c72da2a-0aca-4e12-b037-ae4648d23417 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e960b9fb-d4be-4c09-95d8-44612c2a6de1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hl~Ty E'b&  8P!Ty@l(Al(l~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hm~Uay E'b&  8P!Uay@l(Al(m~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hn~y E'b&  8P!y@l(̸Al( 0n~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**ho~y E'b&  8P!y@l(̸Al( 0o~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &quehe Number = 1 E'b&  8P SjGy@l(Al( ` p~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@P!zݣu@l(ZAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h~ʯu E'b&  8P!ʯu@l(ZAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h~W"u E'b&  8P!W"u@l(dAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah&a8hP & hElfChnkp~~p~~`Dy E'b&  8P!>Dy@l(Al(@t~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hu~`y E'b&  8P!`y@l(aAl( Du~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hv~7py E'b&  8P!7py@l(aAl( Dv~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hw~iy E'b&  8P!iy@l(-Al( w~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hx~V԰y E'b&  8P!V԰y@l(-Al( x~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hy~Gy E'b&  8P!Gy@l(Al(t y~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hz~| y E'b&  8P!| y@l(Al(t z~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h{~~yy E'b&  8P!~yy@l(OAl({~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h|~Jjy E'b&  8P!Jjy@l(OAl(|~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h}~gDy E'b&  8P!gDy@l(WAl(0}~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h~~`y E'b&  8P!`y@l(WAl(0~~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**x~)/y E'b&  8P!!j)/y@l(EAl(0` ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 50a23769-0158-4d57-96fa-3bb84bd9709b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a854d43b-ca99-402b-b78a-37c5a5e31ed4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**h~Ly E'b&  8P!Ly@l(Al(@~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h~NYy E'b&  8P!NYy@l(Al(@~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h~Oy E'b&  8P!Oy@l(pAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h~gEy E'b&  8P!gEy@l(pAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h~@~vz E'b&  8P!@~vz@l(Al(P ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h~-vz E'b&  8P!-vz@l(Al(P ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h~{I}z E'b&  8P!{I}z@l(Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aueh**h~U}z E'b&  8P!U}z@l(Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h~Ox}z E'b&  8P!Ox}z@l(Al(D @~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h~ }z E'b&  8P! }z@l(Al(D @~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**x~~z E'b&  8P!!j~z@l(ֻAl(D ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 17d1aa2b-2fdc-49fe-8f64-8bfa77c9f314 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0d6b2484-d0c3-47d8-aedb-10a42823d84c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**h~D!~z E'b&  8P!D!~z@l(Al( X ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h~/~z E'b&  8P!/~z@l(Al( X ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h~r~z E'b&  8P!r~z@l(FAl(( <~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h~oҫ~z E'b&  8P!oҫ~z@l(FAl(( <~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h~V#{ E'b&  8P!V#{@l(Al(|~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -h**h~,e#{ E'b&  8P!,e#{@l(Al(|~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h~B){ E'b&  8P!B){@l(Al(4 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h~){ E'b&  8P!){@l(Al(4 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h~4,{ E'b&  8P!4,{@l(Al(@~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h~G,{ E'b&  8P!G,{@l(Al(@~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h~m,{ E'b&  8P!m,{@l(7Al(( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h~n ,{ E'b&  8P!n ,{@l(7Al(( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**x~O&-{ E'b&  8P!!jO&-{@l(Al(( L ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = af1e3628-a64b-425b-859e-3dbf334cb944 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 35ef1139-d745-47dd-a713-3f04270d6375 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**h~hT-{ E'b&  8P!hT-{@l(Al(`0~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h~T`-{ E'b&  8P!T`-{@l(Al(`0~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h~.{ E'b&  8P!.{@l(VAl(P~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h~..{ E'b&  8P!..{@l(VAl(P~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h~wW.{ E'b&  8P!wW.{@l(3Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h~f.{ E'b&  8P!f.{@l(3Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**x~R.{ E'b&  8P!!jR.{@l(սAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1e4b7307-e8fe-4b93-a576-469be86a1df2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f233e20f-c92a-4f34-a741-e2346768b791 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**h~/{ E'b&  8P!/{@l(ֽAl(T ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h~K/{ E'b&  8P!K/{@l(ֽAl(T ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h~:4/{ E'b&  8P!:4/{@l(ݽAl( @ ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h~ӜE/{ E'b&  8P!ӜE/{@l(ݽAl( @ ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**x~/{ E'b&  8P!!j/{@l(SAl( d~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ac2d023f-d8aa-483a-aa8b-2589463ad1b8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b4fe4cb8-bb00-4042-acb1-3c2bc0ea7321 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Q(P=f?mMF&a**~qE} E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jqE}@l(Al(~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 66ea71d9-6c0f-4182-b9d1-ed371f191000 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 15cd2a8f-ac0c-4919-93e2-b69fdc9b6ec8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIn**~ F} E'b&  8P9! F}@l(iAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(= **h~F} E'b&  8P!F}@l(iAl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h~!\F} E'b&  8P!!\F}@l(Al(~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h~xGF} E'b&  8P!xGF}@l(Al(~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h~G} E'b&  8P!G}@l(Al(4 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h~G} E'b&  8P!G}@l(Al(4 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**x~RG} E'b&  8P!!jRG}@l(Al(4D~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e9615860-ba18-4111-9ec1-2d7edf8e5948 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 21cf27e3-322f-4a01-89c0-40b83ef3bcbc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h~G} E'b&  8P!G}@l(Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h~)G} E'b&  8P!)G}@l(Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h~CH} E'b&  8P!CH}@l(~Al($D~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h~=RH} E'b&  8P!=RH}@l(~Al($D~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h~I} E'b&  8P!I}@l(Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h~I} E'b&  8P!I}@l(Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h~J} E'b&  8P!J}@l(Al(4 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h~J} E'b&  8P!J}@l(Al(4 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeIh**x~J} E'b&  8P!!jJ}@l(Al(4L~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f72d4b69-ec77-430d-a072-f1f5f336ec2c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9334a1ea-b1e5-49dd-a9bd-3193ff8a047d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. e-x**h~tJ} E'b&  8P!tJ}@l(Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h~aJ} E'b&  8P!aJ}@l(Al( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h~J} E'b&  8P!J}@l(Al(t~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h~J} E'b&  8P!J}@l(Al(t~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**x~elPK} E'b&  8P!!jelPK}@l(&Al(~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 69239842-55f2-4cec-9a06-34bebb2e6248 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b41c973c-bb1e-4df2-a281-b8d4cb053861 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. c E'b&  8P!>c@l(yBl(h@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af Bx E'b&  8P! Bx@l(Al(P$>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h?x E'b&  8P!x@l(Al(P$?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x@s2y E'b&  8P!!js2y@l(DAl(P@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c26ef8fd-a35d-40b8-98c4-d63abad57f36 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 48b7ddcd-306f-41d8-bb04-371ae45e3d8f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hA_Xy E'b&  8P!_Xy@l( Bl(` AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hBey E'b&  8P!ey@l( Bl(` BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hCy E'b&  8P!y@l( Bl(<CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hDmy E'b&  8P!my@l( Bl(<DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**xE2z E'b&  8P!!j2z@l(Al(< EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 62e4d557-f49d-4192-b7b0-2e5a1427b958 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5b6676e5-3276-46b4-bd52-f29f0d721c27 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hFtz E'b&  8P!tz@l(Al(p|FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hG+z E'b&  8P!+z@l(Al(p|GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hH@z E'b&  8P!@z@l(Al(HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-nh**hIІNz E'b&  8P!ІNz@l(Al(IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hJmz E'b&  8P!mz@l(> Bl(( JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hKzz E'b&  8P!zz@l(> Bl(( KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hLz E'b&  8P!z@l(pAl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hMz E'b&  8P!z@l(pAl(MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hN% E'b&  8P!%@l( Bl(NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hO%% E'b&  8P!%%@l( Bl(OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hPvq+ E'b&  8P!vq+@l(*Bl(<PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hQOϞ+ E'b&  8P!OϞ+@l(*Bl(<QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hR)+ E'b&  8P!)+@l(1Al(RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hSx+ E'b&  8P!x+@l(1Al(SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xTA, E'b&  8P!!jA,@l(Al( TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3f2626dc-9bc7-4d82-befd-7a87dc8ba4eb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6fbca68a-93e0-4978-be2e-621b17532cf5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hUś`, E'b&  8P!ś`,@l(Bl(TUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hVKn, E'b&  8P!Kn,@l(Bl(TVMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hW, E'b&  8P!,@l(Al(0$WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hX,, E'b&  8P!,,@l(Al(0$XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hYh~؂ E'b&  8P!h~؂@l(\Bl(d p YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hZ|}؂ E'b&  8P!|}؂@l(\Bl(d p ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h[`ނ E'b&  8P!`ނ@l(mBl( [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h\7mނ E'b&  8P!7mނ@l(mBl( \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h]ʌނ E'b&  8P!ʌނ@l(sAl(h]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h^ނ E'b&  8P!ނ@l(sAl(h^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**x_ ߂ E'b&  8P!!j ߂@l(Bl(l_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = af058d3d-81bf-4459-b8bc-060861ccd389 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d47e9e27-1d61-4f00-95c6-63928f144d2d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h`ԕ+߂ E'b&  8P!ԕ+߂@l(Al( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**ha9߂ E'b&  8P!9߂@l(Al( aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hb4t߂ E'b&  8P!4t߂@l(SAl( l bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hc(e߂ E'b&  8P!(e߂@l(SAl( l cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hd: E'b&  8P!:@l(Bl( l dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**he@  E'b&  8P!@ @l(Bl( l eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hf{d E'b&  8P!{d@l(Al((fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hgs E'b&  8P!s@l(Al((gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hh^3 E'b&  8P!^3@l(uBl( 0hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hi CD E'b&  8P! CD@l(uBl( 0iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hj?c E'b&  8P!?c@l({Bl( DjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hkq E'b&  8P!q@l({Bl( DkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xlF/ E'b&  8P!!jF/@l(>Al( lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 602d94bd-5e09-4085-9b3c-8f1945fbeda9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a0f7130f-7e2b-4873-b2ea-d927814898d7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**hm  E'b&  8P! @l(BAl(T mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hn E'b&  8P!@l(BAl(T nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hoHM E'b&  8P!HM@l(Bl(oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hpA9 E'b&  8P!A9@l(Bl(pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hq E'b&  8P!@l(~Bl( qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hrU' E'b&  8P!U'@l(~Bl( rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-jqF@l(Bl( sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@P!7PBd@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah&a8hP & hElfChnksspr€(P=f?mMF&**@ sqF E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PC!jqF@l(Bl( sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d10adbfb-1b2b-434a-ad6f-ee5c7bc5f26d Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-ybolnitp.qnp.ps1 Engine Version = 4.0 Runspace ID = dded04f8-3575-47c8-b711-927eecdba8c2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @ **t'DS E'b&  8P9!'DS@l(Al( L tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c(P**hu?a E'b&  8P!?a@l(Al( L uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Ph**xvҚ E'b&  8P!!jҚ@l(&Al(  vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = acfaef55-3052-4b22-9f3e-24413ae97ac3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d2c51444-895a-4fa4-967e-7ad3ddef723d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. wex**hwr E'b&  8P!r@l(&Bl(lL wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hx^ E'b&  8P!^@l(&Bl(lL xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hy'Z E'b&  8P!'Z@l(bBl(XP yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hzuh E'b&  8P!uh@l(bBl(XP zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h{C E'b&  8P!C@l(dBl(p{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h|W E'b&  8P!W@l(dBl(p|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**x}s E'b&  8P!!js@l(Bl(t }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = eadf9ae0-22ae-41b0-b7f3-13f9dc1a06df Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 88b75d4b-21d9-4441-a0f3-d49e5f115e39 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Nex**h~ ` E'b&  8P! `@l(Bl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**hɨ E'b&  8P!ɨ@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hT䳃 E'b&  8P!T䳃@l(Al(` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h) E'b&  8P!)@l(Al(` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hj3 E'b&  8P!j3@l(Bl(tl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hSV? E'b&  8P!SV?@l(Bl(tl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xL  E'b&  8P!!jL @l(Al(t(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 38551c5d-76d8-49ac-9db8-215a3cf10693 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e27a4957-a99b-4ab2-b4ac-5e4662d8e226 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n x**hU|ڴ E'b&  8P!U|ڴ@l(Bl(p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nPrh**hjX괃 E'b&  8P!jX괃@l(Bl(p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &teMh**hd뽃 E'b&  8P!d뽃@l(NBl(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h6 E'b&  8P!6@l(NBl(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**h E'b&  8P!@l(Al(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h b- E'b&  8P! b-@l(Al(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**x E'b&  8P!!j@l(4Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ddb6c960-5dc8-40c3-9c15-1c653804d261 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4f59f1f0-c19d-428f-b54c-bf92e587db21 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n x**hY E'b&  8P!Y@l(7Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nPrh**hq; E'b&  8P!q;@l(7Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &teMh**h;뾃 E'b&  8P!;뾃@l(,Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hw E'b&  8P!w@l(,Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**xb E'b&  8P!!jb@l(Bl( L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d5b66450-1b49-46f6-8315-de6abc0b8eff Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b00c40f5-6641-40f7-bfea-9bb6d74992f3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n x**h E'b&  8P!@l(Bl(t\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nPrh**hE E'b&  8P!E@l(Bl(t\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &teMh**h#ҿ E'b&  8P!#ҿ@l(Bl(0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h|߿ E'b&  8P!|߿@l(Bl(0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**hӴ E'b&  8P!Ӵ@l(.Al(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h2 E'b&  8P!2@l(/Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**h} E'b&  8P!}@l(.Al(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**h? E'b&  8P!?@l(/Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**ha E'b&  8P!a@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hAb E'b&  8P!Ab@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**h:p E'b&  8P!:p@l(Bl(x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h&q E'b&  8P!&q@l(Bl(x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hM<#q E'b&  8P!M<#q@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hX3q E'b&  8P!X3q@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xq E'b&  8P!!jq@l([Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ba52d5e4-600a-423c-892d-24e20982df06 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 75675c67-7bdb-46b9-b223-6e0934d864b6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n x**hLLq E'b&  8P!LLq@l(hBl(|,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nPrh**hPq E'b&  8P!Pq@l(hBl(|,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &teMh**hMQr E'b&  8P!MQr@l(Al($Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h^^r E'b&  8P!^^r@l(Al($Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**hD E'b&  8P!D@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h1 E'b&  8P!1@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**h# E'b&  8P!#@l(eBl( TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**h,# E'b&  8P!,#@l(eBl( TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hy# E'b&  8P!y#@l(mBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h$ E'b&  8P!$@l(mBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**xis$ E'b&  8P!!jis$@l(~Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0f74e328-cf0c-4e44-b0f5-9620533bbd14 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 667331ab-93e5-4045-ab58-653a263e1bd9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n x**hS$ E'b&  8P!S$@l(Bl(pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nPrh**h $ E'b&  8P! $@l(Bl(pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &teMh**hS% E'b&  8P!S%@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h% E'b&  8P!%@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**hf E'b&  8P!f@l(Bl( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h3F% E'b&  8P!3F%@l(Bl( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**h E'b&  8P!@l(EAl(p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**h彍 E'b&  8P!彍@l(EAl(p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h  E'b&  8P! @l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h E'b&  8P!@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**x_O… E'b&  8P!!j_O…@l(BAl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cd3999ed-83bb-4858-a05d-98573dd61e02 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 72af3451-f071-444e-954f-a5e592baf334 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. kx**h… E'b&  8P!…@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & lh**hO… E'b&  8P!O…@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**h`Å E'b&  8P!`Å@l( Bl(H p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nPrh**h< ą E'b&  8P!< ą@l( Bl(H p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &teMh**hą E'b&  8P!ą@l(~Al(lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hLą E'b&  8P!Lą@l(~Al(lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**x(Ņ E'b&  8P!!j(Ņ@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 20022f1e-d13d-45de-8835-75c81643d654 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 35cd9538-8fe5-4ab9-8d3d-025e952f7699 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rx**hOŅ E'b&  8P!OŅ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnkl(=f?mMFQ&**XGŅ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!GŅ@l(Bl(H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h }Ņ E'b&  8P! }Ņ@l(Bl(H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hAƅ E'b&  8P!Aƅ@l(Al(H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hoƅ E'b&  8P!oƅ@l(Al(H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hBDž E'b&  8P!BDž@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &l h**@zDž E'b&  8P!jzDž@l(Al(H 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Qp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6f412268-6749-46dc-9115-7703e3f7bea4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0ade4aea-108c-4131-9250-3491beae42f2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. R@**hDž E'b&  8P!Dž@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h2Dž E'b&  8P!2Dž@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h5 EDž E'b&  8P!5 EDž@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hEDž E'b&  8P!EDž@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hK Dž E'b&  8P!K Dž@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hXV E'b&  8P!XV@l(<Bl( T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h⑳V E'b&  8P!⑳V@l(<Bl( T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**haw E'b&  8P!aw@l(Al( DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZpw E'b&  8P!Zpw@l(Al( DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**hw E'b&  8P!w@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**hw E'b&  8P!w@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**x"!x E'b&  8P!!j"!x@l(Bl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4e2ee084-e755-4c77-96c6-98880f8e7979 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0bb28dea-dda8-4e56-b1d6-041c41eaa696 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hb@x E'b&  8P!b@x@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hLx E'b&  8P!Lx@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h[&x E'b&  8P![&x@l(oBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hstx E'b&  8P!stx@l(oBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**hu  E'b&  8P!u @l(Al( 0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**ho  E'b&  8P!o @l(Al( 0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**h0* E'b&  8P!0*@l(Bl(x pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h>^>* E'b&  8P!>^>*@l(Bl(x pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h]* E'b&  8P!]*@l(Al( h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**h9l* E'b&  8P!9l*@l(Al( h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**x* E'b&  8P!!j*@l(?Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 012b77b2-1a65-428e-a551-b50de378d6ea Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 33a30efa-5c8e-4751-ae0b-f17427562d07 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Nx**h+ E'b&  8P!+@l(b Bl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**h+ E'b&  8P!+@l(b Bl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**h^+ E'b&  8P!^+@l(!Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h(K+ E'b&  8P!(K+@l(!Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hG E'b&  8P!G@l(!Bl(l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**hYiV E'b&  8P!YiV@l(!Bl(l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**hч E'b&  8P!ч@l(Al(LL Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h*Oч E'b&  8P!*Oч@l(Al(LL Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**hKه E'b&  8P!Kه@l(!Bl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h)ه E'b&  8P!)ه@l(!Bl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYh**hه E'b&  8P!ه@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h-ڇ E'b&  8P!-ڇ@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**x4ڇ E'b&  8P!!j4ڇ@l(D"Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 228c52a3-b3c6-462a-b4ef-c8cf7a85eff5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1ab3440a-8552-41fc-bcb2-0dd76b7e8a2b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ix**hڇ E'b&  8P!ڇ@l(Al(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hڇ E'b&  8P!ڇ@l(Al(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYh**h]%܇ E'b&  8P!]%܇@l(~"Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h* ݇ E'b&  8P!* ݇@l(~"Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hW'݇ E'b&  8P!W'݇@l(Al(8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h3݇ E'b&  8P!3݇@l(Al(8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**x݇ E'b&  8P!!j݇@l(JAl(8 h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d5aeb0d8-758e-416f-bb76-2fec69ac974c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 30c06c66-00b4-4d5d-b15a-4674c767813e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Nx**hA݇ E'b&  8P!A݇@l(#Bl(\xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**hj݇ E'b&  8P!j݇@l(#Bl(\xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hN>އ E'b&  8P!N>އ@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**hOKއ E'b&  8P!OKއ@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hއ E'b&  8P!އ@l(Al((Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**hcއ E'b&  8P!cއ@l(Al((Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**hxއ E'b&  8P!xއ@l(#Bl(L,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**hއ E'b&  8P!އ@l(#Bl(L,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**xNJ߇ E'b&  8P!!jNJ߇@l($Bl(LXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d720aa16-ec00-4bb5-ac22-844869e090f7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e72315b0-9282-402c-92b6-710e36d2b3a8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hm߇ E'b&  8P!m߇@l( Al(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hy߇ E'b&  8P!y߇@l( Al(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**h߇ E'b&  8P!߇@l(Al( <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**h̢߇ E'b&  8P!̢߇@l(Al( <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**xt  E'b&  8P!!jt @l(yAl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6c046d54-33c3-4d12-8a6a-79c5576f4753 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bc382990-450e-45cd-9699-65ff04c296ef Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h.) E'b&  8P!.)@l(zAl(X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h:5 E'b&  8P!:5@l(zAl(X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h1n E'b&  8P!1n@l(Al(4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h=| E'b&  8P!=|@l(Al(4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h E'b&  8P!@l(Al(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hԡ E'b&  8P!ԡ@l(Al(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hA E'b&  8P!A@l(%Bl(XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hѺ E'b&  8P!Ѻ@l(%Bl(XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**ho E'b&  8P!o@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**h8+o E'b&  8P!8+o@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hց E'b&  8P!ց@l('&Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h tm E'b&  8P!tm@l('&Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h !ב E'b&  8P!!ב@l(3&Bl(0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**h R 㑈 E'b&  8P!R 㑈@l(3&Bl(0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**x s E'b&  8P!!js@l('Bl(0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9d03067f-c9e0-4c21-ba2c-453c477a79a8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5126e505-a951-453d-8608-67709a4ffdd0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Nx**h Yw E'b&  8P!Yw@l('Bl(hL Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**hmő E'b&  8P!mő@l('Bl(hL Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**h  E'b&  8P! @l('Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h  E'b&  8P! @l('Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h! E'b&  8P!!@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**hˌ! E'b&  8P!ˌ!@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**hzD E'b&  8P!zD@l((Bl( \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**hD E'b&  8P!D@l((Bl( \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**hiD E'b&  8P!iD@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h#3D E'b&  8P!#3D@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8PssjIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnkjjXАJa[(P=f?mMF&a**IE E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a56f1747-0860-4dc2-9ce7-2a62b5ee2200 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2bb82645-39f7-4d05-a056-7bf14415dfd3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**I=fE E'b&  8P9!I=fE@l()Bl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h:)rE E'b&  8P!:)rE@l()Bl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hjE E'b&  8P!jE@l()Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hnE E'b&  8P!nE@l()Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h  E'b&  8P! @l(+*Bl(t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aRh**hո E'b&  8P!ո@l(+*Bl(t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hdԉ E'b&  8P!dԉ@l(K*Bl(l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hԉ E'b&  8P!ԉ@l(K*Bl(l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h  E'b&  8P!@l(*Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h!Ϋ E'b&  8P!Ϋ@l(*Bl( !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h"њ E'b&  8P!њ@l(*Bl("Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h# E'b&  8P!@l(*Bl(#Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h$b E'b&  8P!b@l(Al(D $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h%q E'b&  8P!q@l(Al(D %Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at Nh**x&  E'b&  8P!!j @l(+Bl(D \ &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 67e6256c-53ff-4c9d-80a7-94cfe44969c5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8f36e5d7-0d65-4ea9-b67c-df2d55b35248 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h'! E'b&  8P!!@l(+Bl('Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h(- E'b&  8P!-@l(+Bl((Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h)B E'b&  8P!B@l(Al( )Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h* E'b&  8P!@l(+Bl( |*Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h+A% E'b&  8P!A%@l(Al( +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h,[, E'b&  8P![,@l(+Bl( |,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at Nh**h-] E'b&  8P!]@l(Al(( -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &autih**h.:&m E'b&  8P!:&m@l(Al(( .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atioh**x/E E'b&  8P!!jE@l(,Bl( /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 71182b05-df7f-4297-8d30-8d2470a8f29d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cc5707a0-9676-47fa-833e-cbedbcbeaaa6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h0 E'b&  8P!@l(3Al(X0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h1@ E'b&  8P!@@l(3Al(X1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h2A3 E'b&  8P!A3@l(6Al(, 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h3Bk? E'b&  8P!Bk?@l(6Al(, 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**x4V E'b&  8P!!jV@l(<-Bl( 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = bba3500b-d700-43c8-8cb0-cc156442a2a7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 218c929c-12a3-4fc9-b7ce-6b61d0be4d3a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d E'b&  8P!d@l(o.Bl( x>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h?Ó8 E'b&  8P!Ó8@l(.Bl(?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h@F E'b&  8P!F@l(.Bl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ih**hAݞe E'b&  8P!ݞe@l(Al( AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hBt E'b&  8P!t@l(Al( BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a\SYh**xCTv E'b&  8P!!jTv@l(/Bl(8 CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7be1d22e-b783-4333-8d1f-64ec2f4ba069 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b8fec230-23a7-4d1b-82e9-0ad6e1e5c2a0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hD E'b&  8P!@l(/Bl(< DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hE E'b&  8P!@l(/Bl(< EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hFw E'b&  8P!w@l(Al(,FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hGb E'b&  8P!b@l(Al(,GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**hH{XY: E'b&  8P!{XY:@l(X0Bl( @HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &autih**hIg: E'b&  8P!g:@l(X0Bl( @IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atioh**hJm[ E'b&  8P!m[@l(0Bl(JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a) {h**hK?[ E'b&  8P!?[@l(0Bl(KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**hL5[ E'b&  8P!5[@l(Al(l p LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ae ah**hMA[ E'b&  8P!A[@l(Al(l p MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**xN˳[ E'b&  8P!!j˳[@l(1Bl(l X NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6b9c4a62-451f-4e4a-b045-d2adbfcbe299 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4efc85a4-2c8f-455e-b220-66acc857111b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hO[ E'b&  8P![@l(^Al(OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hP2|[ E'b&  8P!2|[@l(^Al(PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hQuM\ E'b&  8P!uM\@l(1Bl( QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hR[\ E'b&  8P![\@l(1Bl( RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at Nh**hS=) E'b&  8P!=)@l(Al(SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &autih**hT6 E'b&  8P!6@l(Al(TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atioh**hU@89 E'b&  8P!@89@l(Al(x UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hVG E'b&  8P!G@l(Al(x VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hW t  E'b&  8P! t @l(2Bl( WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hXlP  E'b&  8P!lP @l(2Bl( XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hY  E'b&  8P! @l(Al( 0YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hZ  E'b&  8P! @l(Al( 0ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x[h  E'b&  8P!!jh @l(Al( [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d01fd151-ad17-49d9-8b07-b227a4d9bdb0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e6ece23c-834b-4fc0-bd94-fdc320a69b78 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h\Zy  E'b&  8P!Zy @l(3Bl(T\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h]e  E'b&  8P!e @l(3Bl(T]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at Nh**h^  E'b&  8P! @l(3Bl( ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &autih**h_\  E'b&  8P!\ @l(3Bl( _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atioh**h`$ E'b&  8P!$@l(HAl(TT`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a) {h**ha E'b&  8P!@l(HAl(TTaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**xb); E'b&  8P!!j);@l(Al(TbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = bd64b888-d596-49c8-9c2b-d4a72ea3bf0b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 43cbe27f-8c45-4a21-b44a-9b08d3020ad1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hcs E'b&  8P!s@l(4Bl(cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hdT E'b&  8P!T@l(4Bl(dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**he' E'b&  8P!'@l(DAl(LeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &autih**hf3 E'b&  8P!3@l(DAl(LfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atioh**hgM E'b&  8P!M@l(_Al(XgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a) {h**hh}\ E'b&  8P!}\@l(_Al(XhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**hiv~ E'b&  8P!v~@l(4Bl(\iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ae ah**hj\ E'b&  8P!\@l(4Bl(\jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**hzD E'b&  8P!j|@l(^5Bl(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hD E'b&  8P!D@l((Bl( \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**hiD E'b&  8P!iD@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h#3D E'b&  8P!#3D@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8PssjIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnkkkhKw [+(P=f?mMF&a**k| E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j|@l(^5Bl(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0e7a2821-f5e0-40dd-981e-1b436bdc6d03 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cffd1593-af16-43ed-bf3a-618e30067828 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**l+" E'b&  8P9!+"@l(Al(,lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hmC1 E'b&  8P!C1@l(Al(,mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hn&O E'b&  8P!&O@l(h5Bl(X \ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**ho] E'b&  8P!]@l(h5Bl(X \ oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**xp E'b&  8P!!j@l(36Bl(X pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3c7df555-c79b-4ae2-aff1-e7cc76f7be2c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1d29d051-a7eb-470c-8fe3-1346dd4fbcc7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d-x**hq E'b&  8P!@l(Al( qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hr E'b&  8P!@l(Al( rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hs) E'b&  8P!)@l(:6Bl( sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**ht7 E'b&  8P!7@l(:6Bl( tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hu30\ E'b&  8P!30\@l(Al( uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hvh E'b&  8P!h@l(E6Bl(8vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hwh E'b&  8P!h@l(Al( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hx<_v E'b&  8P!<_v@l(E6Bl(8xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hylxJ E'b&  8P!lxJ@l(c6Bl( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hzX E'b&  8P!X@l(c6Bl( zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h{  E'b&  8P! @l(?Al(H` {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h|  E'b&  8P! @l(?Al(H` |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h}YŌ E'b&  8P!YŌ@l(M7Bl( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h~UhŌ E'b&  8P!UhŌ@l(M7Bl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hiŌ E'b&  8P!iŌ@l(Al(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hKŌ E'b&  8P!KŌ@l(Al(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at Nh**xƌ E'b&  8P!!jƌ@l(8Bl(`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4a218339-8b01-459b-b692-28fba9fa0b8b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f37a31b6-fe89-42cd-a996-0d29e58bdaaf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h.ƌ E'b&  8P!.ƌ@l(8Bl( @ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h:ƌ E'b&  8P!:ƌ@l(8Bl( @ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**h:ƌ E'b&  8P!:ƌ@l(GAl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h6ƌ E'b&  8P!6ƌ@l(GAl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h-R E'b&  8P!-R@l(Al(x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hR E'b&  8P!R@l(Al(x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**hx)x E'b&  8P!x)x@l(Al(0d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hx%6x E'b&  8P!x%6x@l(Al(0d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h>0 E'b&  8P!>>0@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hK0 E'b&  8P!K0@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**x0 E'b&  8P!!j0@l(=Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 280fb7f5-8908-42e2-812a-fd5bd1e2a39f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 364500f3-b9a4-4d8d-a0d0-48cc12143df4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. twx**h; E'b&  8P!;@l(=Bl(L<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**h; E'b&  8P!;@l(=Bl(L<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**h&G E'b&  8P!&G@l(]Al( (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**h'4G E'b&  8P!'4G@l(]Al( (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hGvG E'b&  8P!GvG@l(^Al($hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h^G E'b&  8P!^G@l(^Al($hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xG E'b&  8P!!jG@l(>Bl($Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 62030a7f-fce5-4db5-a69c-b04059ec2730 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 725a8dd8-5e37-43ae-80c7-facb8d6291bb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. twx**h"H E'b&  8P!"H@l(>Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**h *H E'b&  8P! *H@l(>Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**hcM E'b&  8P!cM@l(Al(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**h渔M E'b&  8P!渔M@l(Al(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hM E'b&  8P!M@l(>Bl(X xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**huoM E'b&  8P!uoM@l(>Bl(X xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hVM E'b&  8P!VM@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hVM E'b&  8P!VM@l(Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Whdows-PowerSh E'b&  8PE'bj.KN@l(QAl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @dows-PowerShell/Operational &aterh**hiv~ E'b&  8P!v~@l(4Bl(\iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ae ah**hj\ E'b&  8P!\@l(4Bl(\jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**hzD E'b&  8P!j|@l(^5Bl(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hD E'b&  8P!D@l((Bl( \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**hiD E'b&  8P!iD@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h#3D E'b&  8P!#3D@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8PssjIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnk   zfh(P=f?mMF&a**.KN E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j.KN@l(QAl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6756333b-acb6-4f98-8ec2-b866bec3fbc4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c891576d-831b-4b85-b6a4-8bb030e226ec Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an** "sN E'b&  8P9! "sN@l(UAl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hqpN E'b&  8P!qpN@l(UAl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hN E'b&  8P!N@l(?Bl(, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hAN E'b&  8P!AN@l(?Bl(, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**xO E'b&  8P!!jO@l(G@Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 060940c0-836d-4153-84d8-5289fa553f28 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7909aa8e-3155-48de-84a1-6f30e25c0a13 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d-x**huj;O E'b&  8P!uj;O@l(K@Bl( DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hNGO E'b&  8P!NGO@l(K@Bl( DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hQpO E'b&  8P!QpO@l(@Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hÀO E'b&  8P!ÀO@l(@Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h€۠O E'b&  8P!۠O@l( Al(€Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hÀO E'b&  8P!O@l( Al(ÀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hĀdO E'b&  8P!dO@l(!Al( < ĀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hŀO E'b&  8P!O@l(!Al( < ŀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hƀ,܎ E'b&  8P!,܎@l(PAl(4ƀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hǀ ;܎ E'b&  8P! ;܎@l(PAl(4ǀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hȀv E'b&  8P!v@l(ABl(<ȀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hɀSK E'b&  8P!SK@l(ABl(<ɀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hʀX E'b&  8P!X@l(Al(ʀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hˀ E'b&  8P!@l(Al(ˀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x̀+^ E'b&  8P!!j+^@l(BBl(̀Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 14480fb3-5461-424a-9f5b-b86908651e83 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6fac20d8-16d1-4a24-94e7-192dea364134 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h̀P| E'b&  8P!P|@l(BBl(th̀Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h΀. E'b&  8P!.@l(BBl(th΀Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hπ E'b&  8P!@l(5Al(,πMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hЀ  E'b&  8P! @l(5Al(,ЀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hр E'b&  8P!@l(pAl(xрMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hҀ  E'b&  8P! @l(pAl(xҀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hӀk E'b&  8P!k@l(CBl( ӀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hԀ| E'b&  8P!|@l(CBl( ԀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**hՀ5잳 E'b&  8P!5잳@l( Al(8ՀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hր6 E'b&  8P!6@l( Al(8րMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x׀'. E'b&  8P!!j'.@l(DBl(L ׀Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 45af7a5c-e151-458e-bb5d-568733c88d60 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bc0f5b30-69ed-4081-a861-992f21e79d15 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h؀ K E'b&  8P! K@l(VAl(؀Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hـ Z E'b&  8P! Z@l(VAl(ـMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hڀ˴ E'b&  8P!˴@l( EBl(pڀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hۀ&ڴ E'b&  8P!&ڴ@l( EBl(pۀMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h܀%|A E'b&  8P!%|A@l(Al( ܀Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h݀A E'b&  8P!A@l(Al( ݀Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hހ1oK E'b&  8P!1oK@l(EBl(( ހMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h߀d~K E'b&  8P!d~K@l(EBl(( ߀Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hS E'b&  8P!S@l(EBl(4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h^S E'b&  8P!^S@l(EBl(4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ih**h*:T E'b&  8P!*:T@l(EBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hHT E'b&  8P!HT@l(EBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a\SYh**x T E'b&  8P!!j T@l(;Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c2986e41-4e18-4dfa-9285-463107b2a973 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ccb4bb42-8231-496d-9f7a-474131021acf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hLT E'b&  8P!LT@l(FBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hU E'b&  8P!U@l(FBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hW E'b&  8P!W@l()FBl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hƒW E'b&  8P!ƒW@l()FBl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**hNW E'b&  8P!NW@l(MFBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &autih**hBW E'b&  8P!BW@l(MFBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atioh**xmO;X E'b&  8P!!jmO;X@l(Al( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 495cba94-ab2d-4611-92e1-70547fce17a6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ee98c649-13fd-470a-9451-807d25a6fa4f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. elx**h_X E'b&  8P!_X@l(Al(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h nX E'b&  8P! nX@l(Al(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hX E'b&  8P!X@l(Al(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**h4X E'b&  8P!4X@l(Al(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**xۉY E'b&  8P!!jۉY@l(GBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4722024f-a8fc-42aa-a713-267a5668500c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0a20b97e-afe6-4987-9372-f2a25c19b0ef Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Six**h#Y E'b&  8P!#Y@l(GBl(p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hkI,Y E'b&  8P!kI,Y@l(GBl(p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**heY E'b&  8P!eY@l(GBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h^pY E'b&  8P!^pY@l(GBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hY E'b&  8P!Y@l(GBl(l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hY E'b&  8P!Y@l(GBl(l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**h Y E'b&  8P! Y@l(GBl(P xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h{Y E'b&  8P!{Y@l(GBl(P xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**ha E'b&  8P!a@l(Bl( ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h E'b&  8P!@l(Bl( ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hY  E'b&  8P!Y @l(HBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h[  E'b&  8P![ @l(HBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h  E'b&  8P! @l(xBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h  E'b&  8P! @l(xBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x!GE  E'b&  8P!!j!GE @l(xIBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c45de04f-0ad4-4cd8-8f9d-fffa2089b0d4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 31ce5fdb-2233-42a1-a456-2ce9de952360 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h`  E'b&  8P!` @l(|IBl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h l  E'b&  8P! l @l(|IBl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h  E'b&  8P! @l(Bl( |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h  E'b&  8P! @l(Bl( |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hn E'b&  8P!n@l(KBl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h>{ E'b&  8P!>{@l(KBl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hcc E'b&  8P!cc@l(CKBl(0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hBq E'b&  8P!Bq@l(CKBl(0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h E'b&  8P!@l(uBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h Ŝ E'b&  8P!Ŝ@l(uBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**hiv~ E'b&  8P!jDU@l(Bl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hj\ E'b&  8P!\@l(4Bl(\jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**hzD E'b&  8P!j|@l(^5Bl(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hD E'b&  8P!D@l((Bl( \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**hiD E'b&  8P!iD@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h#3D E'b&  8P!#3D@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8PssjIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnk Y YPŕag(P=f?mMF&a** DU E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jDU@l(Bl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cfa848c7-7116-41fb-8ffc-04f6a88b5a33 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 32e8ba92-9ba2-4cc8-87be-2fd24a3bbaf0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an** I. E'b&  8P9!I.@l(KBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h 8 E'b&  8P!8@l(KBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h j E'b&  8P!j@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h㵾 E'b&  8P!㵾@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hT?Z E'b&  8P!T?Z@l(|LBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h6NZ E'b&  8P!6NZ@l(|LBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hd E'b&  8P!d@l(LBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hd E'b&  8P!d@l(LBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**ho~l E'b&  8P!o~l@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hl E'b&  8P!l@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h\l E'b&  8P!\l@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hl E'b&  8P!l@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xh$\m E'b&  8P!!jh$\m@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 92ee8726-bef6-440a-adb7-92eb0bec6107 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 06e0bdcd-adae-422d-9291-783a4fc00296 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hm E'b&  8P!m@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hRm E'b&  8P!Rm@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h53p E'b&  8P!53p@l(MBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hYAp E'b&  8P!YAp@l(MBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h'`p E'b&  8P!'`p@l(:Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h4mp E'b&  8P!4mp@l(:Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x$p E'b&  8P!!j$p@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 36ccf4eb-f2c8-4f4a-a359-252200f3ab1c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ab397836-f423-4e50-a678-635ffa949567 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hPQp E'b&  8P!PQp@l(NBl(< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h -=p E'b&  8P!-=p@l(NBl(< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h!Efq E'b&  8P!Efq@l(EBl(!Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h"]tq E'b&  8P!]tq@l(EBl("Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**h#kr E'b&  8P!kr@l(NBl( #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h$xr E'b&  8P!xr@l(NBl( $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h%UӚr E'b&  8P!UӚr@l(LBl(l%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h&6r E'b&  8P!6r@l(LBl(l&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**x' s E'b&  8P!!j s@l(OBl(d 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b0eee828-f194-4a7f-b089-49aae3e4604d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bd9d5af8-6f1a-4936-b927-1b4fddb452cc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h(Bs E'b&  8P!Bs@l(Bl(p(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h)lNs E'b&  8P!lNs@l(Bl(p)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h*ls E'b&  8P!ls@l(OBl(d `*Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h+^zs E'b&  8P!^zs@l(OBl(d `+Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**x,rVs E'b&  8P!!jrVs@l(OBl(d ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 003785b3-fb1f-49fe-b15e-119f5b9f3c74 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 825e33e7-00bd-4996-92d4-e55f66bdf13c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. a-x**h- zt E'b&  8P! zt@l(OBl(t<-Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h.e t E'b&  8P!e t@l(OBl(t<.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h/ Et E'b&  8P! Et@l(OBl(x/Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h0Qt E'b&  8P!Qt@l(OBl(x0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h1Lit E'b&  8P!Lit@l( Bl( h1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h2d0wt E'b&  8P!d0wt@l( Bl( h2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h3mt E'b&  8P!mt@l(#Bl( 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h4t E'b&  8P!t@l(#Bl( 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h5C  E'b&  8P!C @l(PBl(< 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h6l  E'b&  8P!l @l(PBl(< 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h7'v% E'b&  8P!'v%@l(PBl(XD7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h8u% E'b&  8P!u%@l(PBl(XD8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h9Gw% E'b&  8P!Gw%@l(Bl(<9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h: % E'b&  8P! %@l(Bl(<:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**x;E&& E'b&  8P!!jE&&@l(Bl( ;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a8d13dd3-7371-4a8b-bdb2-67c50c07d4ef Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f45c73e5-d418-4819-9b4a-ff94b720672e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h<8D& E'b&  8P!8D&@l(QBl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h=Q& E'b&  8P!Q&@l(QBl(=Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aelh**h>Vj& E'b&  8P!Vj&@l(Bl(4 >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h?V& E'b&  8P!V&@l(Bl(4 ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**h@>߿ E'b&  8P!>߿@l(Bl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hA`e쿓 E'b&  8P!`e쿓@l(Bl( AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hBDؓ E'b&  8P!Dؓ@l(;Bl($ BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hCPؓ E'b&  8P!Pؓ@l(;Bl($ CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hD oؓ E'b&  8P! oؓ@l(CBl(L TDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hEzؓ E'b&  8P!zؓ@l(CBl(L TEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xFٓ E'b&  8P!!jٓ@l(Bl(L P FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1afd8a42-7d0c-4e57-a763-53c005e2641a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e8446510-14dd-4a18-91f3-29ee643da0ea Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Gx**hGk2ٓ E'b&  8P!k2ٓ@l(Bl(GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hHW>ٓ E'b&  8P!W>ٓ@l(Bl(HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hIԭٓ E'b&  8P!ԭٓ@l( Bl(4  IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hJ Yٓ E'b&  8P! Yٓ@l( Bl(4  JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hK\r E'b&  8P!\r@l(UBl(KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hL5yr E'b&  8P!5yr@l(UBl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hM${ E'b&  8P!${@l(UBl(tMMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hN{ E'b&  8P!{@l(UBl(tNMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hOބ E'b&  8P!ބ@l(UBl( OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hP섔 E'b&  8P!섔@l(UBl( PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hQB + E'b&  8P!B +@l( Bl(L 8 QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hRZ[9 E'b&  8P!Z[9@l( Bl(L 8 RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xSЅ E'b&  8P!!jЅ@l(bVBl(L |SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = be11ea66-f6af-4504-8f4d-aa396f43f17d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 452e1e9d-b8c4-42f4-a9f5-e9b58332c5a9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hTy E'b&  8P!y@l( Bl(LTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hUe  E'b&  8P!e @l( Bl(LUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hV; E'b&  8P!;@l(VBl( VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW! E'b&  8P!!@l(VBl( WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hX@ E'b&  8P!@@l($ Bl(8 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hY KO E'b&  8P! KO@l($ Bl(8 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h E'b&  8P!jsʺ@l(lWBl(d ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h Ŝ E'b&  8P!Ŝ@l(uBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**hiv~ E'b&  8P!jDU@l(Bl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hj\ E'b&  8P!\@l(4Bl(\jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**hzD E'b&  8P!j|@l(^5Bl(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hD E'b&  8P!D@l((Bl( \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**hiD E'b&  8P!iD@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h#3D E'b&  8P!#3D@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8PssjIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnkZZhs*(P=f?mMF&a**Zsʺ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jsʺ@l(lWBl(d ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1705b8ef-99d5-4943-92d0-1e39e12a2b17 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 00064f23-77a0-4535-a2fc-b76cf709dabe Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**[a׋ E'b&  8P9!a׋@l(pWBl(\ D[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h\n㋔ E'b&  8P!n㋔@l(pWBl(\ D\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h]9T E'b&  8P!9T@l( Bl(0 ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h^%` E'b&  8P!%`@l( Bl(0 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h_7 E'b&  8P!7@l(>XBl(T_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h`l E'b&  8P!l@l(>XBl(T`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hak E'b&  8P!k@l( Bl(aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hbj E'b&  8P!j@l( Bl(bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xc_/ E'b&  8P!!j_/@l(x Bl( cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1bb5472b-41ee-4f4a-8fad-f5c2c135e729 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = aa026fc6-979a-4488-b9b8-94556f60a3a1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hd%7R E'b&  8P!%7R@l(| Bl(l dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hep` E'b&  8P!p`@l(| Bl(l eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hf~ E'b&  8P!~@l(XBl(4<fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hgFk E'b&  8P!Fk@l(XBl(4<gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**xhV1 E'b&  8P!!jV1@l(WYBl(4\hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7808a028-a5dd-483c-ace2-43a5b72fcaf1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b7b1db94-538b-4f36-8dc4-24515f0d8909 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hiXu E'b&  8P!Xu@l(XYBl( iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hj  E'b&  8P! @l(XYBl( jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hk|S E'b&  8P!|S@l(YYBl(xkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hl;_ E'b&  8P!;_@l(YYBl(xlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hm x E'b&  8P! x@l( Bl(mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hnpj E'b&  8P!pj@l( Bl(nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**ho= E'b&  8P!=@l( Bl( oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hp E'b&  8P!@l( Bl( pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hqp  E'b&  8P!p @l(ZBl(( qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hrE6  E'b&  8P!E6 @l(ZBl(( rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hsI% E'b&  8P!I%@l( Bl( sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**ht]% E'b&  8P!]%@l( Bl( tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**huyA E'b&  8P!yA@l( Bl(`xuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hvǚA E'b&  8P!ǚA@l( Bl(`xvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**hwTA E'b&  8P!TA@l( Bl( wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hx4A E'b&  8P!4A@l( Bl( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xy?B E'b&  8P!!j?B@l(ZBl(  yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8b620f7a-d09a-4eff-8756-84d8a3b2f349 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ae8dab1c-8961-47a9-bdd1-fe57536ec833 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hzrZB E'b&  8P!rZB@l(ZBl(zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h{fB E'b&  8P!fB@l(ZBl({Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**h|knB E'b&  8P!knB@l(Bl( |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h}cxB E'b&  8P!cxB@l(Bl( }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h~ҏQؕ E'b&  8P!ҏQؕ@l(S[Bl(~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h_ؕ E'b&  8P!_ؕ@l(S[Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h[ E'b&  8P![@l([Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hul E'b&  8P!ul@l([Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hm E'b&  8P!m@l(Bl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h\ E'b&  8P!\@l(Bl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xAh E'b&  8P!!jAh@l('Bl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 70a1f1b0-29c6-4841-8933-16d8259c47b9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c104547c-5326-4584-acc5-5e59a2081e4d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hF, E'b&  8P!F,@l(G\Bl(d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h28 E'b&  8P!28@l(G\Bl(d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hr E'b&  8P!r@l(iBl(H 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h^ E'b&  8P!^@l(iBl(H 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hd E'b&  8P!>d@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**ht E'b&  8P!t@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Whdows-PowerSh E'b&  8PE'bj翖@l(_Bl( DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @dows-PowerShell/Operational &aterh**hiv~ E'b&  8P!jDU@l(Bl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hj\ E'b&  8P!\@l(4Bl(\jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**hzD E'b&  8P!j|@l(^5Bl(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hD E'b&  8P!D@l((Bl( \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**hiD E'b&  8P!iD@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h#3D E'b&  8P!#3D@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8PssjIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnk JyR(P=f?mMF&a**翖 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j翖@l(_Bl( DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6bba1de6-f11c-4249-9b5e-18e4fa919c8c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7a2ff22c-1a81-4d1d-831d-f29282240f63 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an*** E'b&  8P9!*@l(Bl($ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h E'b&  8P!@l(Bl($ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h^7 E'b&  8P!^7@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hz~C E'b&  8P!z~C@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**x˪ E'b&  8P!!j˪@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d28632b5-4697-43e5-a6c6-60ebfa4df16f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1de969a4-bff1-4826-b6ac-5c925a106e04 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h E'b&  8P!@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h{ E'b&  8P!{@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h1 E'b&  8P!1@l(`Bl(`T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**ho*  E'b&  8P!o* @l(`Bl(`T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**h^8 E'b&  8P!^8@l(`Bl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h BF E'b&  8P! BF@l(`Bl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h]I E'b&  8P!]I@l(`Bl(4p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hW E'b&  8P!W@l(`Bl(4p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hla E'b&  8P!la@l(Bl(@ H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**ha E'b&  8P!a@l(Bl(@ H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h@r E'b&  8P!@r@l(^Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h Nr E'b&  8P! Nr@l(^Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hmr E'b&  8P!mr@l(hBl($Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h9|r E'b&  8P!9|r@l(hBl($Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x}r E'b&  8P!!j}r@l(aBl($\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = abc6b603-01f3-45a5-a69d-50c42451d234 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5f34831a-e8bd-4954-a32e-12644d1e175d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h#t s E'b&  8P!#t s@l(aBl(P D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h_s E'b&  8P!_s@l(aBl(P D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hs E'b&  8P!s@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hLs E'b&  8P!Ls@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**h` E'b&  8P!`@l(Bl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h E'b&  8P!@l(Bl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h% E'b&  8P!%@l(cBl(DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hÁE% E'b&  8P!E%@l(cBl(DÁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**hā~=% E'b&  8P!~=%@l(3Bl(āMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hŁ%K% E'b&  8P!%K%@l(3Bl(ŁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xƁN% E'b&  8P!!jN%@l(cBl( ƁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4668bf68-0394-4693-a9bd-840d89e69d6f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 45ddacd6-f260-4714-b241-89b7ad393824 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hǁ% E'b&  8P!%@l(cBl( 0ǁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hȁ% E'b&  8P!%@l(cBl( 0ȁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hɁdc& E'b&  8P!dc&@l(Bl(ɁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hʁ Mp& E'b&  8P! Mp&@l(Bl(ʁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hˁv E'b&  8P!v@l(mBl(  ˁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h́y' E'b&  8P!y'@l(mBl(  ́Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h́TVǘ E'b&  8P!TVǘ@l(dBl(0 ́Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h΁gǘ E'b&  8P!gǘ@l(dBl(0 ΁Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hρvǘ E'b&  8P!vǘ@l(Bl(PP ρMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hЁ'ǘ E'b&  8P!'ǘ@l(Bl(PP ЁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hс]-?Ș E'b&  8P!]-?Ș@l(Bl(сMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hҁQLȘ E'b&  8P!QLȘ@l(Bl(ҁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xӁ; Ș E'b&  8P!!j; Ș@l(UBl( ӁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6034fcb3-bf8e-427e-9457-ee9fe1e2c6b3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 614bc44e-49e0-4262-809b-e50f5ce0096a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hԁȘ E'b&  8P!Ș@l(WBl(0hԁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hՁbɘ E'b&  8P!bɘ@l(WBl(0hՁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hց ɘ E'b&  8P! ɘ@l(uBl( ցMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hׁlɘ E'b&  8P!lɘ@l(uBl( ׁMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**h؁~ɘ E'b&  8P!~ɘ@l(eBl(h؁Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hفʘ E'b&  8P!ʘ@l(eBl(hفMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xځ[4|ʘ E'b&  8P!!j[4|ʘ@l(Bl(h ځMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 143421ae-b78a-48ad-98ca-c82565c279c5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 988a0b56-06c5-49e8-8fab-0cae621e04f8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Six**hہ ʘ E'b&  8P! ʘ@l(Bl(dDہMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**h܁gʘ E'b&  8P!gʘ@l(Bl(dD܁Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**h݁ʘ E'b&  8P!ʘ@l()Bl(0݁Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hށʘ E'b&  8P!ʘ@l()Bl(0ށMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**x߁HCF˘ E'b&  8P!!jHCF˘@l(UfBl(0 ߁Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1dc8e624-a28b-491d-91aa-eecb0a37b626 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c23e288b-0518-4700-84b3-3b96616b4ccf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**hsc˘ E'b&  8P!sc˘@l(XfBl(HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acath**h_o˘ E'b&  8P!_o˘@l(XfBl(HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**h;W˘ E'b&  8P!;W˘@l(wfBl(8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**h ˘ E'b&  8P! ˘@l(wfBl(8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**h˘ E'b&  8P!˘@l(fBl(d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hlL˘ E'b&  8P!lL˘@l(fBl(d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**h̡˘ E'b&  8P!̡˘@l(pBl(H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**h˘ E'b&  8P!˘@l(pBl(H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hdS'z E'b&  8P!dS'z@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h5z E'b&  8P!5z@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hT| E'b&  8P!T|@l(gBl(P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h| E'b&  8P!|@l(gBl(P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hh2} E'b&  8P!h2}@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h׀} E'b&  8P!׀}@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x'} E'b&  8P!!j'}@l(3hBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cb544640-1719-4c96-a6f2-66c49397daff Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4b0c7744-d8d8-4dc4-a540-b4c746ef92cc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h} E'b&  8P!}@l(6hBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hվ} E'b&  8P!վ}@l(6hBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hd<0~ E'b&  8P!d<0~@l(hBl(L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h(<~ E'b&  8P!(<~@l(hBl(L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hs, E'b&  8P!s,@l({iBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h%c- E'b&  8P!%c-@l({iBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h/ E'b&  8P!/@l(iBl( pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h/ E'b&  8P!/@l(iBl( pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h./ E'b&  8P!./@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h/ E'b&  8P!/@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**hiv~ E'b&  8P!j"qJ0@l(#Bl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hj\ E'b&  8P!\@l(4Bl(\jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**hzD E'b&  8P!j|@l(^5Bl(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hD E'b&  8P!D@l((Bl( \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**hiD E'b&  8P!iD@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h#3D E'b&  8P!#3D@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8PssjIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnkHHP4$B(P=f?mMF&a**"qJ0 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j"qJ0@l(#Bl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7880ba2b-8a98-40e0-b6e5-16b059d77b26 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c34487e0-eb15-4498-a986-9434412ec3d9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**Pg0 E'b&  8P9!Pg0@l($Bl(HpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hBu0 E'b&  8P!Bu0@l($Bl(HpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h[0 E'b&  8P![0@l(Bl(<XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h'0 E'b&  8P!'0@l(Bl(<XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hI"ؚ E'b&  8P!I"ؚ@l(Bl($ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hJ2ؚ E'b&  8P!J2ؚ@l(Bl($ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h\ߚ E'b&  8P!\ߚ@l(Bl(d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hlQߚ E'b&  8P!lQߚ@l(Bl(d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h E'b&  8P!@l(W Bl(,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hِ E'b&  8P!ِ@l(W Bl(,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h0 E'b&  8P!0@l([kBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h< E'b&  8P!<@l([kBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xW! E'b&  8P!!jW!@l(kBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5f12d2e1-3e8e-4bab-933e-2675a1e9855d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3af47938-f869-4608-97e4-614f96e8af9d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hN E'b&  8P!N@l(kBl(< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h: E'b&  8P!:@l(kBl(< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h Ys E'b&  8P!Ys@l(kBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h E E'b&  8P!E@l(kBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h  E'b&  8P!@l(V!Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h ӭ E'b&  8P!ӭ@l(V!Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x  E'b&  8P!!j@l('"Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0a7a9ae2-d566-40fc-bda3-a63132cd9216 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ff1493a2-3c76-4e8d-a23a-c9d312d74d44 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hZ3 E'b&  8P!Z3@l(kBl(P\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h~A E'b&  8P!~A@l(kBl(P\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h E'b&  8P!@l("Bl(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h E'b&  8P!@l("Bl(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**h;] E'b&  8P!;]@l([lBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h$yk E'b&  8P!$yk@l([lBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h)Ē E'b&  8P!)Ē@l("Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h E'b&  8P!@l("Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**x  E'b&  8P!!j @l(mBl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f1522456-fe67-4038-8516-2dfdb651310a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 120fa8d0-0331-4e20-b229-d5f7c9b3da35 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h@8 E'b&  8P!@8@l(`#Bl(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hw,D E'b&  8P!w,D@l(`#Bl(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h-c E'b&  8P!-c@l(l#Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hro E'b&  8P!ro@l(l#Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**x E'b&  8P!!j@l(#Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 75000d82-dc04-41e3-a9f3-121ec42f2c7d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 96dfc735-f336-4339-9743-74d4d8a339c3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. e-x**h7 E'b&  8P!7@l(mBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h  E'b&  8P! @l(mBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hM68 E'b&  8P!M68@l(nBl(\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h-E E'b&  8P!-E@l(nBl(\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h K\ E'b&  8P!K\@l(>$Bl(t  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h!k E'b&  8P!k@l(>$Bl(t !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h"Gw E'b&  8P!Gw@l(A$Bl(Tt"Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h#N E'b&  8P!N@l(A$Bl(Tt#Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h$< E'b&  8P!<@l($Bl( , $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h%ݤ E'b&  8P!ݤ@l($Bl( , %Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h&dm E'b&  8P!dm@l(coBl(tP &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h'{ E'b&  8P!{@l(coBl(tP 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h(ͤ E'b&  8P!ͤ@l($Bl(P (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h)$s E'b&  8P!$s@l($Bl(P )Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**x*i E'b&  8P!!ji@l()pBl(P*Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 91c03434-0804-44e7-a95a-f3f5908d1d3c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 45392926-ffda-433c-8059-a549ee577dca Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h+9 E'b&  8P!9@l(-pBl(H +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h,ϡF E'b&  8P!ϡF@l(-pBl(H ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSih**h-uܱ E'b&  8P!uܱ@l(pBl(X-Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**h.6Ƚ E'b&  8P!6Ƚ@l(pBl(X.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**h/IhE E'b&  8P!IhE@l(<%Bl(@ /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h0LuE E'b&  8P!LuE@l(<%Bl(@ 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**h1?P E'b&  8P!?P@l(qBl( H1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h2qNP E'b&  8P!qNP@l(qBl( H2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h3lP E'b&  8P!lP@l(%Bl(3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h4{P E'b&  8P!{P@l(%Bl(4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x5P E'b&  8P!!jP@l(%Bl(5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7b30e7a7-9621-4b07-a66b-491f5bc9c687 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8340266b-d92b-44bf-a7c5-71a621397d3a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. elx**h6KQ E'b&  8P!KQ@l(rBl( 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h7Q E'b&  8P!Q@l(rBl( 7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**h82-Q E'b&  8P!2-Q@l(3&Bl(,8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**h9^{Q E'b&  8P!^{Q@l(3&Bl(,9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**h:H E'b&  8P!H@l(sBl(T :Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h; E'b&  8P!@l(sBl(T ;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h<T8 E'b&  8P!T8@l(sBl( <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h=-TE E'b&  8P!-TE@l(sBl( =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h> q E'b&  8P! q@l(5'Bl($( >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h?h  E'b&  8P!h @l(5'Bl($( ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h@bEK E'b&  8P!bEK@l(;'Bl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hAX E'b&  8P!X@l(;'Bl( AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xB  E'b&  8P!!j @l(-tBl(X BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5b840acd-2bfc-4694-b86d-8e903107a676 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e6e1a5a1-d38b-4798-a2dd-37e973d1e97c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hC+ E'b&  8P!+@l('Bl(( CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hD E'b&  8P!@l('Bl(( DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hEr E'b&  8P!r@l(2q E'b&  8P!>2q@l(J-Bl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hSD E'b&  8P!SD@l(n}Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h00 E'b&  8P!00@l(n}Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xo E'b&  8P!!jo@l(}Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8f9359a5-0228-4bff-9aa8-ce4d984791e2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 53f54880-07d7-4d0d-958a-6ee90f0d73d6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. elx**h  E'b&  8P! @l(~Bl( d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h, E'b&  8P!,@l(~Bl( d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hH.h E'b&  8P!H.h@l(|~Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hs E'b&  8P!s@l(|~Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hm E'b&  8P!m@l(~Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h E'b&  8P!@l(~Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hf E'b&  8P!f@l(.Bl(dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h+ E'b&  8P!+@l(.Bl(dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hrzß E'b&  8P!rzß@l(*Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hL^ß E'b&  8P!L^ß@l(*Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h4,ȟ E'b&  8P!4,ȟ@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hȟ E'b&  8P!ȟ@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hȟ E'b&  8P!ȟ@l(.Bl(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hȟ E'b&  8P!ȟ@l(.Bl(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xBBɟ E'b&  8P!!jBBɟ@l()Bl(D 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d32d794f-09e4-4550-976b-51be6ce328c0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5fa35117-4c00-495a-96bb-40e5cc016957 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hO#^ɟ E'b&  8P!O#^ɟ@l()/Bl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h0xlɟ E'b&  8P!0xlɟ@l()/Bl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hɟ E'b&  8P!ɟ@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hɟ E'b&  8P!ɟ@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h0Kv E'b&  8P!0Kv@l(/Bl(, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h\v E'b&  8P!\v@l(/Bl(, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**hSJj{ E'b&  8P!SJj{@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h#{{ E'b&  8P!#{{@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**h>{ E'b&  8P!>{@l(0Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h6*{ E'b&  8P!6*{@l(0Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ih**hiD E'b&  8P!jS1|@l(0Bl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h#3D E'b&  8P!#3D@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8PssjIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnkPC g/(P=f?mMF&a**S1| E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jS1|@l(0Bl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dff16493-c578-46db-83dd-4c37251614d2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 44d22def-f533-414e-993b-747bd5350aac Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**^N| E'b&  8P9!^N|@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h8[| E'b&  8P!8[|@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h?| E'b&  8P!?|@l( 1Bl(d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h+| E'b&  8P!+|@l( 1Bl(d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hf  E'b&  8P!f @l(Bl(hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h_  E'b&  8P!_ @l(Bl(hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h#*" E'b&  8P!#*"@l(\1Bl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h>" E'b&  8P!>"@l(\1Bl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h) E'b&  8P!)@l(YBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h-) E'b&  8P!-)@l(YBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h#) E'b&  8P!#)@l(1Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h') E'b&  8P!')@l(1Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hZ* E'b&  8P!Z*@l(1Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hF+* E'b&  8P!F+*@l(1Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**x* E'b&  8P!!j*@l(]2Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 21d00f2b-8913-40e8-a2dc-17d74ded5099 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 46064e5b-ea44-4ac1-98bb-a4f294b17b86 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**h * E'b&  8P! *@l(^2Bl(4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h?* E'b&  8P!?*@l(^2Bl(4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hW, E'b&  8P!W,@l(2Bl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h=e, E'b&  8P!=e,@l(2Bl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h, E'b&  8P!,@l(2Bl(hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h7, E'b&  8P!7,@l(2Bl(hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xK! - E'b&  8P!!jK! -@l( 3Bl(hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 52f208fd-d1ca-476e-b305-8c36144932ce Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6287667e-c310-4140-ad52-5d0548136076 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h-- E'b&  8P!--@l(!3Bl($Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hy9- E'b&  8P!y9-@l(!3Bl($Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hX- E'b&  8P!X-@l(*3Bl(L HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hzYc- E'b&  8P!zYc-@l(*3Bl(L HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**x- E'b&  8P!!j-@l(Bl(L `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3f70165c-a2d2-4c46-9f8a-de9300f4a89a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cd620a97-1e78-4492-b65e-2c0c3c4b8317 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h- E'b&  8P!-@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h{- E'b&  8P!{-@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hzT5. E'b&  8P!zT5.@l(SBl(0d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h<@A. E'b&  8P!<@A.@l(SBl(0d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h.Y. E'b&  8P!.Y.@l(M4Bl($4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**he. E'b&  8P!e.@l(M4Bl($4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**h=g. E'b&  8P!=g.@l(N4Bl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h‚s. E'b&  8P!s.@l(N4Bl(L‚Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hÂ8ۡ E'b&  8P!8ۡ@l(4Bl(x ÂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hĂ)\ۡ E'b&  8P!)\ۡ@l(4Bl(x ĂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hł(eߡ E'b&  8P!(eߡ@l(]Bl(tłMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hƂfxߡ E'b&  8P!fxߡ@l(]Bl(tƂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hǂ\ߡ E'b&  8P!\ߡ@l(4Bl( ǂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hȂ_ߡ E'b&  8P!_ߡ@l(4Bl( ȂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xɂr- E'b&  8P!!jr-@l(m5Bl( ɂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a1b11266-9c5e-47f6-aece-c7a0b4dd530d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 578c369f-2724-44c4-8b33-66b7d0871849 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hʂaI E'b&  8P!aI@l(Bl(`hʂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h˂DMU E'b&  8P!DMU@l(Bl(`h˂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**ĥګ E'b&  8P!ګ@l(5Bl( ̂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h͂ E'b&  8P!@l(5Bl( ͂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h΂@ E'b&  8P!@@l(46Bl(΂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hςȎ E'b&  8P!Ȏ@l(46Bl(ςMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**hЂ4 E'b&  8P!4@l(6Bl(,`ЂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hтE E'b&  8P!E@l(6Bl(,`тMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h҂9e E'b&  8P!9e@l(6Bl(҂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hӂps E'b&  8P!ps@l(6Bl(ӂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xԂI E'b&  8P!!jI@l(*Bl(ԂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 89520527-b007-40ca-ad2d-e88094aa8416 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1eb48340-1d5e-4667-ae16-7aec6e453682 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hՂ  E'b&  8P! @l(,Bl(ՂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hւ  E'b&  8P! @l(,Bl(ւMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Gh**hׂX E'b&  8P!X@l(6Bl( LׂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h؂1| E'b&  8P!1|@l(6Bl( L؂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hق9 E'b&  8P!9@l(7Bl(P قMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hڂ)9 E'b&  8P!)9@l(7Bl(P ڂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hۂ,jA E'b&  8P!,jA@l(7Bl(lۂMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h܂LPA E'b&  8P!LPA@l(7Bl(l܂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h݂IB E'b&  8P!IB@l(Bl( ݂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hނgUB E'b&  8P!gUB@l(Bl( ނMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h߂GB E'b&  8P!GB@l(Bl(`h߂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hZB E'b&  8P!ZB@l(Bl(`hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x{ E'b&  8P!>{@l(0Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h6*{ E'b&  8P!6*{@l(0Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ih**hiD E'b&  8P!jS1|@l(0Bl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h#3D E'b&  8P!#3D@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8PssjIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnk@@(P=f?mMF&a**F E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jF@l(]Bl(l8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 746347f9-6481-4fc9-a7c1-66691f8faba5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5d4e0b48-2b4f-4799-88fc-7afdcdace2ff Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**F E'b&  8P9!F@l(aBl(<HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h@F E'b&  8P!@F@l(aBl(<HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h;G E'b&  8P!;G@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**heGG E'b&  8P!eGG@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hV\G E'b&  8P!V\G@l(8Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hv_G E'b&  8P!v_G@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h~jG E'b&  8P!~jG@l(8Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hplG E'b&  8P!plG@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hcg[ E'b&  8P!cg[@l(8Bl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hdi E'b&  8P!di@l(8Bl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hT E'b&  8P!T@l(q9Bl(l, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hHb E'b&  8P!Hb@l(q9Bl(l, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h} E'b&  8P!}@l(ێBl($  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h9 E'b&  8P!9@l(ێBl($  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**xn1 E'b&  8P!!jn1@l(9Bl($ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4682040d-538e-4377-974d-5f9db41cfd4e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5076c19b-08a4-4c93-bb88-9cd335b21cd3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**h@% E'b&  8P!@%@l(9Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h,1 E'b&  8P!,1@l(9Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h. E'b&  8P!.@l(c:Bl(tD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h߼ E'b&  8P!߼@l(c:Bl(tD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hsS E'b&  8P!sS@l(ZBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hP? E'b&  8P!P?@l(ZBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hs$ E'b&  8P!s$@l(:Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hHP/ E'b&  8P!HP/@l(:Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh** l= E'b&  8P !jl=@l(:Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational "p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 14a8bae0-9b48-4d2b-a575-28a998101ae2 Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" $modules = Get-InstalledModule -ErrorAction SilentlyContinue if ($modules) { foreach ($mod in $modules) { [PSCustomObject]@{ Name = $mod.Name Version = $mod.Version.ToString() Repository = $mod.Repository Author = $mod.Author } | ConvertTo-Json -Compress Write-Output "---SEPARATOR---" } } } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = 44aeea38-735f-45e7-a64a-701b877b010d Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-InstalledModule' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException TEM **hW E'b&  8P!W@l(rBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h ma E'b&  8P!ma@l(rBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h * E'b&  8P!*@l(Bl(@  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h 6 E'b&  8P!6@l(Bl(@  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h & E'b&  8P!&@l(=Bl(T 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h H2 E'b&  8P!H2@l(=Bl(T 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hh**h]dR E'b&  8P!]dR@l(n;Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atoph**hP^ E'b&  8P!P^@l(n;Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceMh**x+ث E'b&  8P!!j+ث@l(;Bl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9c11ada3-2fde-4bd7-8969-fda3127d328d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d4cae3e7-36c4-4c76-8337-fea0b5837c22 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hM E'b&  8P!M@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h-9 E'b&  8P!-9@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h-n E'b&  8P!-n@l( Bl(DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hZQ E'b&  8P!ZQ@l(>Bl(DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h!Y E'b&  8P!!Y@l(SBl(@ h$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d62a3ef4-f145-4eed-89f5-6a12c2294388 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 32b16d7f-e26c-4dd4-a8bb-8bf9af2b620c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ($x**h%^ E'b&  8P!^@l(1Bl(%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h&^ E'b&  8P!^@l(1Bl(&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTEMh**h'Bl(4)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h*ra E'b&  8P!ra@l(>Bl(4*Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h+a E'b&  8P!a@l( ?Bl(` +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h,* b E'b&  8P!* b@l( ?Bl(` ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**x-wb E'b&  8P!!jwb@l(i?Bl(-Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c9ce3c3c-98ad-4989-a73d-516b4f3ec430 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5f7fa369-0a0a-42b8-b221-c9be7b6e6a15 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h.6b E'b&  8P!6b@l(m?Bl( .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad th**h/rb E'b&  8P!rb@l(m?Bl( /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ag =h**h0Tb E'b&  8P!Tb@l(v?Bl(d  0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h1Eb E'b&  8P!Eb@l(v?Bl(d  1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ($h**x2M`;c E'b&  8P!!jM`;c@l(?Bl(d X 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b5ccf790-8602-428b-a632-fb3220d426ae Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b9716721-a265-42c8-bb94-014b585f2514 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. e x**h3>MWc E'b&  8P!>MWc@l(?Bl(p 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anPoh**h4jbc E'b&  8P!jbc@l(?Bl(p 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aPreh**h5c E'b&  8P!c@l(FBl( 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h6Ǧc E'b&  8P!Ǧc@l(FBl( 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aMach**h7Rc E'b&  8P!Rc@l(p@Bl(@ 7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad th**h8rc E'b&  8P!rc@l(p@Bl(@ 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ag =h**h9rc E'b&  8P!rc@l(s@Bl( 9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h:tc E'b&  8P!tc@l(s@Bl( :Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ($h**h;{I  E'b&  8P!{I @l(Bl(l;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h< N  E'b&  8P! N @l(Bl(l<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTEMh**h=5a E'b&  8P!5a@l(Bl( =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h>q E'b&  8P!q@l(Bl( >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h?T E'b&  8P!T@l(yABl(?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h@G E'b&  8P!G@l(yABl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh-Windows-Pow E'b&  8P/Oj@l(Bl(L AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h\v E'b&  8P!\v@l(/Bl(, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**hSJj{ E'b&  8P!SJj{@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h#{{ E'b&  8P!#{{@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**h>{ E'b&  8P!>{@l(0Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h6*{ E'b&  8P!6*{@l(0Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ih**hiD E'b&  8P!jS1|@l(0Bl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h#3D E'b&  8P!#3D@l(6Al( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8PssjIE@l(Al( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnkAA(c2(P=f?mMF&a**A E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j@l(Bl(L AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b32d6caf-8877-45c9-ad37-7f406f3f1f55 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5b815d76-cfac-4e85-b4c8-93a793df5dde Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**B% E'b&  8P9!%@l(Bl(BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hC E'b&  8P!@l(Bl(CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hD) E'b&  8P!)@l(ABl(|,DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hE5 E'b&  8P!5@l(ABl(|,EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hFj E'b&  8P!j@l(Bl(8 FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hG-D E'b&  8P!-D@l(Bl(8 GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hHoǦ E'b&  8P!oǦ@l(BBl(`HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hI\Ǧ E'b&  8P!\Ǧ@l(BBl(`IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hJQǦ E'b&  8P!QǦ@l(nBl(T JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hKrǦ E'b&  8P!rǦ@l(nBl(T KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xLgOTȦ E'b&  8P!!jgOTȦ@l(fBl(T LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a7f5ae3f-4c85-4e67-b8ef-96a0be90f503 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9cef903b-c649-48e4-882d-6a791588c3a2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hM rȦ E'b&  8P! rȦ@l(BBl(0 MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hNȦ E'b&  8P!Ȧ@l(BBl(0 NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hOȦ E'b&  8P!Ȧ@l(VCBl( OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hPJ<Ȧ E'b&  8P!J<Ȧ@l(VCBl( PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**hQ҃j E'b&  8P!҃j@l(mBl(0 QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hR1&j E'b&  8P!1&j@l(mBl(0 RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hSenr E'b&  8P!enr@l(nBl( SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hTֈzr E'b&  8P!ֈzr@l(nBl( TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hUyls E'b&  8P!yls@l(sBl( hUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hVs E'b&  8P!s@l(sBl( hVMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hWߧ[s E'b&  8P!ߧ[s@l(CBl( WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hXis E'b&  8P!is@l(CBl( XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xY'ns E'b&  8P!!j'ns@l(Bl( YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ef6faac8-f7a0-473c-bf6d-010e2179bd9b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1dbae5de-971b-48ea-a444-51e9f072a441 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @ x**hZt E'b&  8P!t@l(XDBl(< ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**h[t E'b&  8P!t@l(XDBl(< [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aT h**h\Dz E'b&  8P!Dz@l(CBl( \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aT h**h][ Sz E'b&  8P![ Sz@l(CBl( ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h^-tsz E'b&  8P!-tsz@l(DBl( ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h_z E'b&  8P!z@l(DBl( _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x`z E'b&  8P!!jz@l(Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = af649ec4-0761-4fe2-9d40-d791067fc33a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b490bd1f-9373-469a-bc8f-5d4935ea9709 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  x**ha~A{ E'b&  8P!~A{@l(EBl( aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hb{ E'b&  8P!{@l(EBl( bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a( h**hc8{ E'b&  8P!8{@l(Bl(` cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a( h**hddD{ E'b&  8P!dD{@l(Bl(` dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xe{ E'b&  8P!!j{@l(oEBl(` eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f4c62ac3-2bd5-4d9d-bb83-573214c4701b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e4b46931-56da-4d31-aa62-41a697a5a64c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. oux**hfy+{ E'b&  8P!y+{@l(pEBl(fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aapth**hg'z{ E'b&  8P!'z{@l(pEBl(gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a# sh**hhd| E'b&  8P!d|@l(Bl(0 8 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hiH!| E'b&  8P!H!|@l(Bl(0 8 iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**hj78| E'b&  8P!78|@l(Bl(jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**hkF| E'b&  8P!F|@l(Bl(kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a297h**hlz~K| E'b&  8P!z~K|@l(Bl( lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**hmg"Z| E'b&  8P!g"Z|@l(Bl( mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aL h**hn>% E'b&  8P!>%@l(EBl(< XnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aL h**hohK% E'b&  8P!hK%@l(EBl(< XoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hpdM- E'b&  8P!dM-@l(FFBl( `pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hquZ- E'b&  8P!uZ-@l(FFBl( `qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**hrx- E'b&  8P!x-@l(RFBl( rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**hsO- E'b&  8P!O-@l(RFBl( sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**xta. E'b&  8P!!ja.@l($GBl( tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c64582ba-3b8a-46d1-b3b3-72a8564ffaac Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 91eebb4d-0b6b-472f-a06a-aa3778fae989 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hu]. E'b&  8P!].@l(MBl(uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hvK(. E'b&  8P!K(.@l(MBl(vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hw"J. E'b&  8P!"J.@l(GBl( xwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hx5. E'b&  8P!5.@l(GBl( xxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hyب E'b&  8P!ب@l(HBl(@ yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hzx ب E'b&  8P!x ب@l(HBl(@ zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h{ E'b&  8P!@l(_HBl(PD {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h|, E'b&  8P!,@l(_HBl(PD |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h}>J E'b&  8P!>J@l(hHBl(H }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h~KX E'b&  8P!KX@l(hHBl(H ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &actih**x  E'b&  8P!!j @l(ZBl(H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d9a290f8-0daf-4d4a-895d-bab046b0ad08 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c5b40c84-b218-4c3a-a9d9-7f9cd8e9b0f0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d x**h E'b&  8P!@l(^Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad h**h* E'b&  8P!*@l(^Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad h**hPc E'b&  8P!Pc@l(HBl(X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h޵ E'b&  8P!>޵@l(JBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hj E'b&  8P!j@l(Bl( ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hq E'b&  8P!q@l(Bl( ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hz E'b&  8P!z@l(>P7!Bc(P=f?mMF&a**j E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jj@l(xVBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c374564e-ef8c-4a80-8404-f4a427e7d63d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5497b891-d0f9-40c3-9d58-0ef11628aec6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**: E'b&  8P9!:@l(Bl(\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hj+ E'b&  8P!j+@l(Bl(\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h E'b&  8P!@l(8Bl(L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hܣ E'b&  8P!ܣ@l(8Bl(L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h E'b&  8P!@l(Bl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hYB E'b&  8P!YB@l(Bl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h< E'b&  8P!<@l(gWBl(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hλ E'b&  8P!λ@l(gWBl(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**haX E'b&  8P!aX@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**he E'b&  8P!e@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hO E'b&  8P!O@l(Bl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h: E'b&  8P!:@l(Bl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**x; E'b&  8P!!j;@l(Bl(t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e718923f-257d-4f3a-b5a3-a644bc93315f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 64f048fd-a4e5-4b85-ae83-2c9d0633c0b9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h\2g E'b&  8P!\2g@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h!s E'b&  8P!!s@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**ha۪ E'b&  8P!a۪@l(cXBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h E'b&  8P!@l(cXBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h E'b&  8P!@l(Bl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h$ E'b&  8P!$@l(Bl(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x] E'b&  8P!!j]@l('YBl(0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c2665498-4598-407b-b712-8a862f1cd7c4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 18a616f7-9863-4526-a733-5f8ae75dadc2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h E'b&  8P!@l(+YBl(X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hB֎ E'b&  8P!B֎@l(+YBl(X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hͦ E'b&  8P!ͦ@l(6YBl(pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h  E'b&  8P! @l(6YBl(pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**x%8&­ E'b&  8P!!j%8&­@l(Bl(X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b191055e-9566-4fe6-bc6e-22221f4b3e50 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 010c8e1f-d455-49cc-b8bb-c68738f5cdb5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h A­ E'b&  8P!A­@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h }L­ E'b&  8P!}L­@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h 8 y­ E'b&  8P!8 y­@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h g­ E'b&  8P!g­@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h =ɜ­ E'b&  8P!=ɜ­@l(KZBl(0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**he­ E'b&  8P!e­@l(KZBl(0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h}­ E'b&  8P!}­@l(TZBl(HH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h­ E'b&  8P!­@l(TZBl(HH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a( h**hn E'b&  8P!n@l(ıBl(, \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a( h**h[n E'b&  8P![n@l(ıBl(, \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hss E'b&  8P!ss@l(Bl(d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h0$s E'b&  8P!0$s@l(Bl(d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hs E'b&  8P!s@l([Bl(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h]os E'b&  8P!]os@l([Bl(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x`t E'b&  8P!!j`t@l(m[Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dcc012e3-1475-4b98-96a8-137d73132483 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a28bcab0-f0e5-4e16-85ab-62b87952a7c7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hWm}t E'b&  8P!Wm}t@l(Bl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hct E'b&  8P!ct@l(Bl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**ht E'b&  8P!t@l(\Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hu E'b&  8P!u@l(\Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hsb! E'b&  8P!sb!@l(eBl(( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h-n! E'b&  8P!-n!@l(eBl(( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h& E'b&  8P!&@l(]Bl(4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h,}& E'b&  8P!,}&@l(]Bl(4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**h >& E'b&  8P!>&@l(]Bl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**h!Ԓ& E'b&  8P!Ԓ&@l(]Bl(\ !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**x".ʐ' E'b&  8P!!j.ʐ'@l(cBl(\ "Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e329d73c-41c9-45f1-9ee4-77e70765402d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fe1002e0-b843-4413-b986-c3d91efa0d01 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h#v' E'b&  8P!v'@l(*]Bl( #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h$a' E'b&  8P!a'@l(*]Bl( $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h%{#( E'b&  8P!{#(@l(*Bl(D%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h&`/( E'b&  8P!`/(@l(*Bl(D&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h'̯ E'b&  8P!̯@l(Bl(\ ,'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h(̯ E'b&  8P!̯@l(Bl(\ ,(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h)22ԯ E'b&  8P!22ԯ@l(e]Bl( )Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h*>ԯ E'b&  8P!>ԯ@l(e]Bl( *Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h+"aد E'b&  8P!"aد@l(]Bl(+Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h,poد E'b&  8P!poد@l(]Bl(,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &actih**h-hUد E'b&  8P!hUد@l(-Bl( -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h.د E'b&  8P!د@l(-Bl( .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x/y;ٯ E'b&  8P!!jy;ٯ@l(Z^Bl( l/Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fbc53552-982f-4cb6-aa7d-69d72c68a5c5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8909966b-ceae-4da6-91b1-32f7dc9f5d1e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d x**h0_ٯ E'b&  8P!_ٯ@l(Bl( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h1Ljٯ E'b&  8P!Ljٯ@l(\^Bl( 1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &actih**h2Ljٯ E'b&  8P!Ljٯ@l(Bl( 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Roh**h3dxٯ E'b&  8P!dxٯ@l(\^Bl( 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h4ٯ E'b&  8P!ٯ@l(Bl(D $4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aessh**h5ٯ E'b&  8P!ٯ@l(Bl(D $5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a } h**x6Ȫگ E'b&  8P!!jȪگ@l(Bl(D 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8519f879-de51-4b82-a79d-637a80d2ee63 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d0de2d91-e293-442a-9838-c401639f1b8c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h7<$گ E'b&  8P!<$گ@l(Bl(0,7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h8sg0گ E'b&  8P!sg0گ@l(Bl(0,8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h9گ E'b&  8P!گ@l(_Bl(9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h:گ E'b&  8P!گ@l(_Bl(:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h;dv E'b&  8P!dv@l(Bl(@;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h< E'b&  8P!@l(Bl(@<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h= E'b&  8P!@l( `Bl(D =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h>@ E'b&  8P!@@l( `Bl(D >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h` E'b&  8P!j@l(`Bl(4?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hs` E'b&  8P!s`@l(TBl(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**h E'b&  8P!@l(cUBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h E'b&  8P!@l(cUBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**h}XB E'b&  8P!}XB@l(UBl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hP E'b&  8P!P@l(UBl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ih**hPr E'b&  8P!Pr@l(UBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hO E'b&  8P!O@l(UBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a\SYhEM  E'b&  8Pssjj@l(xVBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnk?? xy(P=f?mMF&a**? E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j@l(`Bl(4?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3008bf11-5623-4fb3-b52e-0a77e72b7da5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 10d24f10-3106-4a19-839d-4fbe9b62dcd1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**@yE E'b&  8P9!yE@l(`Bl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hA*Q E'b&  8P!*Q@l(`Bl( AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hBXn E'b&  8P!Xn@l(`Bl( BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hCDz E'b&  8P!Dz@l(`Bl( CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**xD@\ E'b&  8P!!j@\@l(aBl( DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 93f235a5-0608-44b0-81b5-26af67da2384 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8e53f159-de26-4bd3-8c7e-8e39bdaac48e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hE9 E'b&  8P!9@l(ӸBl(EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hF5  E'b&  8P!5 @l(ӸBl(FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hG E'b&  8P!>@l(rBl(PۄMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h܄=ܟ E'b&  8P!=ܟ@l(rBl(P܄Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h݄m}' E'b&  8P!m}'@l(Bl( ݄Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hބ' E'b&  8P!'@l(Bl( ބMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h߄J<' E'b&  8P!J<'@l(sBl(@߄Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h ' E'b&  8P! '@l(sBl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hPSY E'b&  8P!jY"(@l(sBl(@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h(aY E'b&  8P!(aY@l(Bl(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**h E'b&  8P!jY@l(Bl(h 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h E'b&  8P!@l(cUBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**h}XB E'b&  8P!}XB@l(UBl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hP E'b&  8P!P@l(UBl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ih**hPr E'b&  8P!Pr@l(UBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hO E'b&  8P!O@l(UBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a\SYhEM  E'b&  8Pssjj@l(xVBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnk00PE(P=f?mMF&a**Y"( E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jY"(@l(sBl(@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f98ccfb3-6de3-452c-a750-a103202ab1f2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4971f4fb-1272-420e-8101-b5ec80c23779 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**@PE( E'b&  8P9!@PE(@l( sBl(DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h;Q( E'b&  8P!;Q(@l( sBl(DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hdn( E'b&  8P!dn(@l("sBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**heZ|( E'b&  8P!eZ|(@l("sBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**x*5( E'b&  8P!!j*5(@l(Bl($Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 164b9536-4593-4609-bbb5-542c09221b72 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 431700f9-500e-437f-9e7f-e2b29645978e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hr( E'b&  8P!r(@l(Bl(0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h[!) E'b&  8P![!)@l(Bl(0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hL) E'b&  8P!L)@l(;Bl(0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h/UY) E'b&  8P!/UY)@l(;Bl(0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hVo) E'b&  8P!Vo)@l(BBl(( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hHy) E'b&  8P!Hy)@l(psBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h |) E'b&  8P! |)@l(BBl(( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h ) E'b&  8P! )@l(psBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h(Ѷ E'b&  8P!(Ѷ@l(sBl(XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hwwѶ E'b&  8P!wwѶ@l(sBl(XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**h:Iڶ E'b&  8P!:Iڶ@l(wBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hGڶ E'b&  8P!Gڶ@l(wBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hҳڶ E'b&  8P!ҳڶ@l(~Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hwڶ E'b&  8P!wڶ@l(~Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x:B۶ E'b&  8P!!j:B۶@l("tBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1e343ffe-d641-4731-8b94-ab22c4cad79d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c5a129fc-ee5c-44c8-a87f-4a68bd9abd8d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h]۶ E'b&  8P!]۶@l(&tBl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hi۶ E'b&  8P!i۶@l(&tBl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h?۶ E'b&  8P!?۶@l(Bl(H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h۶ E'b&  8P!۶@l(Bl(H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**h p E'b&  8P! p@l(tBl(DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hσ E'b&  8P!σ@l(tBl(DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hX E'b&  8P!X@l(tBl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hn{d E'b&  8P!n{d@l(tBl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hw肍 E'b&  8P!w肍@l(tBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hx䏍 E'b&  8P!x䏍@l(tBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x۴ E'b&  8P!!j۴@l(uBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e76de58f-f713-4d9a-bcfa-4baf5b130d52 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = af0128f4-1f8d-43be-8a05-923b549195bc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  x**h3 E'b&  8P!3@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h? E'b&  8P!?@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a( h**h0L E'b&  8P!0L@l(uBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h7 E'b&  8P!7@l(uBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hY. E'b&  8P!Y.@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h,l. E'b&  8P!,l.@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hO6 E'b&  8P!O6@l(vBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hZF6 E'b&  8P!ZF6@l(vBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h G8 E'b&  8P!G8@l('Bl(l \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h 8 E'b&  8P!8@l('Bl(l \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h 9 E'b&  8P!9@l(!vBl(@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h 6!9 E'b&  8P!6!9@l(!vBl(@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**x t9 E'b&  8P!!jt9@l(vBl(| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 685df177-b4ea-4757-849e-ef4c8d32bb97 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bd4faa27-68c0-4ca2-916c-4c2bd2f403d3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hvP9 E'b&  8P!vP9@l(vBl( D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h<9 E'b&  8P!<9@l(vBl( D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h;(@ E'b&  8P!;(@@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h'4@ E'b&  8P!'4@@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**h'S@ E'b&  8P!'S@@l(vBl(dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h^@ E'b&  8P!^@@l(vBl(dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xP@ E'b&  8P!!jP@@l(,wBl(dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d658ce93-9473-4aef-be83-7f602d2ec824 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bfd63c3d-4266-4f83-b5d6-d5e2e2ae489f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h@ E'b&  8P!@@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h:@ E'b&  8P!:@@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hUA E'b&  8P!UA@l(~wBl(HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hRaA E'b&  8P!RaA@l(~wBl(HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hA E'b&  8P!A@l(dBl(L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hsA E'b&  8P!sA@l(dBl(L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h B E'b&  8P! B@l(wBl(4lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h%B E'b&  8P!%B@l(wBl(4lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x+B E'b&  8P!!j+B@l(%Bl(4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 71fcb25f-7385-41df-b734-d846df28304a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4e5293c8-8aff-4d66-988a-1b2767e06933 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hTѲB E'b&  8P!TѲB@l(xBl(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h4B E'b&  8P!4B@l(xBl(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h B E'b&  8P!B@l(.Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h!B E'b&  8P!B@l(.Bl( !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad h**x"ؼNC E'b&  8P!!jؼNC@l(xBl(  "Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 35bebd1e-5e79-4a43-a856-1d41fcc0e195 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4162e434-4c33-4011-8d37-f200ca575173 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h#/DjC E'b&  8P!/DjC@l(tBl(@ #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h$wC E'b&  8P!wC@l(tBl(@ $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h%C E'b&  8P!C@l(xBl( 0%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h&fC E'b&  8P!fC@l(xBl( 0&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h'C E'b&  8P!C@l(yBl(( d 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h(4C E'b&  8P!4C@l(yBl(( d (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h) 2C E'b&  8P! 2C@l(yBl( )Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h*))C E'b&  8P!))C@l(yBl( *Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**h+ E'b&  8P!@l(*yBl(P+Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h, E'b&  8P!@l(*yBl(P,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h-V E'b&  8P!V@l(yBl(-Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h.: E'b&  8P!:@l(yBl(.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h/ E'b&  8P!@l(yBl(0/Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h0! E'b&  8P!!@l(yBl(00Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hPSY E'b&  8P!j@l(yBl(01Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h(aY E'b&  8P!(aY@l(Bl(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**h E'b&  8P!jY@l(Bl(h 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h E'b&  8P!@l(cUBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**h}XB E'b&  8P!}XB@l(UBl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hP E'b&  8P!P@l(UBl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ih**hPr E'b&  8P!Pr@l(UBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hO E'b&  8P!O@l(UBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a\SYhEM  E'b&  8Pssjj@l(xVBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @soft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &sh**ho`Ņ E'b&  8P!o`Ņ@l(Al(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnk11 qNګ(P=f?mMF&a**1 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j@l(yBl(01Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 31e0c6f2-0458-433e-98fc-6772e199a3b6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e435492a-e777-4730-945e-2696a94b2ace Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**2 E'b&  8P9!@l(yBl(H 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h3 E'b&  8P!@l(yBl(H 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h4F# E'b&  8P!F#@l((zBl(4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h5. E'b&  8P!.@l((zBl(5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h6 E'b&  8P!@l(Bl(6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h7幣 E'b&  8P!幣@l(Bl(7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h8B} E'b&  8P!B}@l(#Bl(\08Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h9hŧ E'b&  8P!hŧ@l(#Bl(\09Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h: 㧹 E'b&  8P! 㧹@l(zBl(X:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h;粒 E'b&  8P!粒@l(zBl(X;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x<Ga E'b&  8P!!jGa@l(:{Bl(X<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1994445b-e86c-449a-9387-441cb96af4c6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 62cf9325-d62f-4f41-94ef-d47cc483e2f7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h= E'b&  8P!@l(Bl(  =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h> E'b&  8P!@l(Bl(  >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h? E'b&  8P!@l({Bl(?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h@2 E'b&  8P!2@l({Bl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**hAFwF E'b&  8P!FwF@l(Bl( HAMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hBVŷF E'b&  8P!VŷF@l(Bl( HBMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hC,YgN E'b&  8P!,YgN@l({Bl(hCMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hDnwN E'b&  8P!nwN@l({Bl(hDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hEJO E'b&  8P!JO@l(8|Bl(D EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hFO E'b&  8P!O@l(8|Bl(D FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hGLO E'b&  8P!LO@l(;|Bl( 8 GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hHO E'b&  8P!O@l(;|Bl( 8 HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xIVP E'b&  8P!!jVP@l(Bl( lIMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1c923bd2-9d53-47e0-97e0-74a93f2cc3aa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 62713f9d-ee37-4ec2-9e51-4b41f6a2ee40 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @ x**hJ`P E'b&  8P!`P@l(m|Bl( JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hK9ސP E'b&  8P!9ސP@l(m|Bl( KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hL~R E'b&  8P!~R@l(|Bl( LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hMR E'b&  8P!R@l(|Bl( MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hN|R E'b&  8P!|R@l(>Bl(pNMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hOR E'b&  8P!R@l(>Bl(pOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xP­1S E'b&  8P!!j­1S@l(P}Bl(pPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f1d3b8e9-321a-4d5a-a188-ef439852c46c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = eb0f216b-fc49-487e-a9a3-e846555565fb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  x**hQZS E'b&  8P!ZS@l(Q}Bl( QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hReS E'b&  8P!eS@l(Q}Bl( RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a( h**hSS E'b&  8P!S@l(]}Bl( SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hT S E'b&  8P! S@l(]}Bl( TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xU3S E'b&  8P!!j3S@l(TBl( UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0800de59-1e8c-4993-9703-532a33853800 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 19f4b0bd-8bba-47fe-85e6-83ee139cd6d6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hVT E'b&  8P!T@l(}Bl(40VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hWl$T E'b&  8P!l$T@l(}Bl(40WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hXdPT E'b&  8P!dPT@l(kBl(|XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hYS_T E'b&  8P!S_T@l(kBl(|YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hZ֮uT E'b&  8P!֮uT@l(\~Bl((ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h[ T E'b&  8P! T@l(\~Bl(([Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h\VT E'b&  8P!VT@l(`~Bl(< \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h]RBT E'b&  8P!RBT@l(`~Bl(< ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h^7 E'b&  8P!7@l(?Bl(d ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h_k+G E'b&  8P!k+G@l(?Bl(d _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`[ E'b&  8P![@l(LBl(`P `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hai E'b&  8P!i@l(LBl(`P aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@ h**hb- E'b&  8P!-@l(?Bl( bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hc:a E'b&  8P!:a@l(?Bl( cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xd:@ E'b&  8P!!j:@@l(Bl( dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = be0e44a7-e3aa-4c24-8fa1-9975fd09ae3e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 05abd432-fd4a-4169-a9a4-bd8d668c4412 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**he] E'b&  8P!]@l(Bl( eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hfTj E'b&  8P!Tj@l(Bl( fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hgl E'b&  8P!l@l(:Bl(tgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hh E'b&  8P!@l(:Bl(thMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hi E'b&  8P!@l(Bl( iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hj i E'b&  8P! i@l(Bl( jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hk?] E'b&  8P!?]@l(πBl( kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hlHhn E'b&  8P!Hhn@l(πBl( lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hmo E'b&  8P!o@l(ՀBl(8 mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hniࣸ E'b&  8P!iࣸ@l(ՀBl(8 nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xob6 E'b&  8P!!jb6@l(8Bl(8DoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c259fede-c9e0-4285-8d9c-124e8b86c69a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f8672c80-9f4d-479a-bfd0-791f32217e5d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hpMV E'b&  8P!MV@l(Bl( pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hqd E'b&  8P!d@l(Bl( qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad h**hr빻 E'b&  8P!빻@l(Bl( rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hsu E'b&  8P!u@l(Bl( sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**ht_ E'b&  8P!_@l(XBl(X 0tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hu6_ E'b&  8P!6_@l(XBl(X 0uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hv v(P=f?mMF&a**یk E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jیk@l(SBl(, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 642b1887-6220-4a0e-b95c-692967ca7fd4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e90c4ff0-19b2-4ad6-9a94-738ef4883c8e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**V{k E'b&  8P9!V{k@l(WBl(tlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hik E'b&  8P!ik@l(WBl(tlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hKhl E'b&  8P!Khl@l(Bl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hgtl E'b&  8P!gtl@l(Bl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hp E'b&  8P!p@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hEp E'b&  8P!Ep@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hɡ!q E'b&  8P!ɡ!q@l(#Bl(t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h(0q E'b&  8P!(0q@l(#Bl(t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xXq E'b&  8P!!jXq@l(Bl(tD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 187167c3-308d-43af-bada-2b54ef3a9913 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7be4c750-e779-4035-9bba-9447196ff1c0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h:Vq E'b&  8P!:Vq@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hBq E'b&  8P!Bq@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h_q E'b&  8P!_q@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hr E'b&  8P!r@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**xtr E'b&  8P!!jtr@l(pBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = abb3088d-d919-4dae-96bf-538c11316b54 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ebf8c563-4fb1-4e8f-9ccf-dc80fbe3fe31 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 0-x**hIr E'b&  8P!Ir@l(qBl(PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hr E'b&  8P!r@l(qBl(PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hֺr E'b&  8P!ֺr@l(Bl(L8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h3I E'b&  8P!3I@l(Bl(>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aapth**h?4kk E'b&  8P!4kk@l(Bl( ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a# sh**h@_x E'b&  8P!_x@l(Bl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hA7 E'b&  8P!7@l( Bl( HAMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**hB# E'b&  8P!#@l( Bl( HBMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**hC4 E'b&  8P!4@l(,Bl(tCMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a2e7h**hDs@ E'b&  8P!s@@l(,Bl(tDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**hE_ E'b&  8P!_@l(mBl(@ EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@h**hFqɗ E'b&  8P!qɗ@l(mBl(@ FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@h**hG E'b&  8P!@l(bBl(0 GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hH"% E'b&  8P!"%@l(bBl(0 HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hIr E'b&  8P!r@l(Bl(D IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hJQ E'b&  8P!Q@l(Bl(D JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xKi E'b&  8P!!ji@l(Bl(KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 31661973-c87f-409d-ab94-41b64f344d66 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d0ec6e70-4dcd-4de2-8b5a-c5c57c976372 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hL ! E'b&  8P! !@l(Bl(LLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8 h**hM!0 E'b&  8P!!0@l(Bl(LMMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8 h**hN~s E'b&  8P!~s@l(TBl($ NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aXh**hO E'b&  8P!@l(TBl($ OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aXh**hP? E'b&  8P!?@l(4Bl( 8PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hQ}p* E'b&  8P!}p*@l(4Bl( 8QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xRj E'b&  8P!!jj@l(Bl( RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5de77cc4-7ab5-4afc-a72c-4bb86bddd793 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1c1c71ee-1e02-4566-8f04-1f734c239702 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hSɛ E'b&  8P!ɛ@l(Bl(`SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hT%Vכ E'b&  8P!%Vכ@l(Bl(`TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hUy E'b&  8P!y@l(Bl(LUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hVV E'b&  8P!V@l(Bl(LVMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a;@hf<ŏZMicrosoft E'b&  8P**jl@l(Bl(L WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @<ŏZMicrosoft-Windows-PowerShell/Operational &osoh-Windows-Pow E'b&  8PP & hElfChnkWW(4ļY(P=f?mMF&a**Wl E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jl@l(Bl(L WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a4b2b437-a2b3-46fa-bf31-3e70ce608238 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cfa122d1-f6ac-475c-81a4-cfc198da2cf1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**X釈 E'b&  8P9!釈@l(Bl(LXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hYɓ E'b&  8P!ɓ@l(Bl(LYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hZC E'b&  8P!C@l(Bl(hZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h[/œ E'b&  8P!/œ@l(Bl(h[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h\o E'b&  8P!o@l(>Bl(\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h]\ E'b&  8P!\@l(>Bl(]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h^:  E'b&  8P!: @l(HBl( <^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h_% E'b&  8P!%@l(HBl( <_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h`7J E'b&  8P!7J@l(Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**haؗJ E'b&  8P!ؗJ@l(Bl( aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hbRM E'b&  8P!RM@l(PBl(<bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hcNN E'b&  8P!NN@l(PBl(<cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hdf$N E'b&  8P!f$N@l(TBl( dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**heҁ1N E'b&  8P!ҁ1N@l(TBl( eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xf6^N E'b&  8P!!j6^N@l(Bl(` fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1f110612-eda8-4cf0-b652-26284b9f5a85 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8885be54-36d8-45a5-b4b8-8efe69895a1a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**hgGN E'b&  8P!GN@l(Bl(PgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hhoN E'b&  8P!oN@l(Bl(PhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hie!|O E'b&  8P!e!|O@l(ڑBl(P iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hj:ƈO E'b&  8P!:ƈO@l(ڑBl(P jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hko[ E'b&  8P!o[@l(Bl( kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hl%p E'b&  8P!%p@l(Bl( lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hm E'b&  8P!@l(rBl(L, mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hn? E'b&  8P!?@l(rBl(L, nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**ho E'b&  8P!@l(1Bl(l oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hp%  E'b&  8P!% @l(1Bl(l pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xq E'b&  8P!!j@l(Bl(qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8275946f-2ecf-4f44-ad1d-667bcf0dd994 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 57b6038c-d7dd-4613-be29-c5996ddc0c89 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ŝ E'b&  8P!>ŝ@l( Bl(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hnb E'b&  8P!nb@l(1Cl(,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hIr E'b&  8P!Ir@l(1Cl(,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h͜ E'b&  8P!͜@l(Bl(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hª E'b&  8P!ª@l(Bl(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hE E'b&  8P!E@l(`Cl(L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h E'b&  8P!@l(`Cl(L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hQ E'b&  8P!Q@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h]a E'b&  8P!]a@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xj* E'b&  8P!!jj*@l( Cl( d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 905248eb-14a9-41cc-b307-d6c638349351 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a204cf82-9ca7-401b-a725-c1b14afca70c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hs E'b&  8P!s@l( Cl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hT E'b&  8P!T@l( Cl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**h٩ E'b&  8P!٩@l(* Cl(\XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h` E'b&  8P!`@l(* Cl(\XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h E'b&  8P!@l(M Cl(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h%P E'b&  8P!%P@l(M Cl(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xf E'b&  8P!!jf@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 21510d3b-7fb6-4949-bdec-fa0303e95b6f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3c495381-e2e7-465d-a140-7514e6714380 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h†_m E'b&  8P!_m@l(Bl(h†Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hÆ@  E'b&  8P!@ @l(Bl(hÆMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hĆ+ E'b&  8P!+@l( Cl(4 ĆMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hņy E'b&  8P!y@l( Cl(4 ņMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xƆCK E'b&  8P!!jCK@l(oBl(4ƆMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3342500d-c39a-422a-8209-4cfadaf9d6d9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5c1c5a34-37f3-4ac2-9879-04d9dc566b68 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. . E'b&  8P!q>.@l(rBl( D چMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hۆ ^J. E'b&  8P! ^J.@l(rBl( D ۆMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h܆3 E'b&  8P!3@l(Cl( ܆Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h݆t3 E'b&  8P!t3@l(Cl( ݆Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hކfl3 E'b&  8P!fl3@l(žBl(8 ކMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h߆j3 E'b&  8P!j3@l(žBl(8 ߆Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xS84 E'b&  8P!!jS84@l(#Bl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b706c10b-7c22-436f-81d5-78cb7ea2dea3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 060cadec-6ab1-466d-b0b2-7a9124d2a72b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hEd4 E'b&  8P!Ed4@l(Cl(,H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hap4 E'b&  8P!ap4@l(Cl(,H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hi4 E'b&  8P!i4@l([Bl( ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h 4 E'b&  8P! 4@l([Bl( ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aerh**h E'b&  8P!@l(TCl(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &awerh**h E'b&  8P!@l(TCl(D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &awerh**h~ E'b&  8P!~@l(UCl(TDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &awerh**h< E'b&  8P!<@l(UCl(TDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &awerh**hUA E'b&  8P!UA@l(_Cl( L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h#O E'b&  8P!#O@l(_Cl( L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hd E'b&  8P!d@l(Bl(@t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h  E'b&  8P! @l(Bl(@t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x2% E'b&  8P!!j2%@l(+Bl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3e2532f9-2c14-4540-80af-00ff81cf16a9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a047ecb3-4f52-4066-bb34-1e000d590274 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hkBH E'b&  8P!kBH@l(.Bl(P \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h8.T E'b&  8P!8.T@l(.Bl(P \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h E'b&  8P!@l(ZCl(T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hh**h}N E'b&  8P!}N@l(ZCl(T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atoph**h6 E'b&  8P!6@l(VBl(@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceMh**h E'b&  8P!@l(VBl(@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anteh**x,S E'b&  8P!!j,S@l(Cl(\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3ad5bc7c-7517-4115-9787-600c25e3ae25 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = aa9419fa-286e-41ce-803c-a238f4bb9708 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hqx E'b&  8P!qx@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h\ E'b&  8P!\@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h E'b&  8P!@l(Cl(L tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h E'b&  8P!@l(Cl(L tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aoph**x E'b&  8P!!j@l(BBl(L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9d2a5180-e525-4907-900d-cbb71e3eda00 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5c8b73ba-0883-4d97-89a3-82414f25b8f2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**h73 E'b&  8P!73@l(Cl(`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h@ E'b&  8P!@@l(Cl(`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hG E'b&  8P!G@l(6Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PP & hElfChnkVV`Mh)f(=f?mMF&**XF E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!F@l(6Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hA, E'b&  8P!A,@l(HCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h8 E'b&  8P!8@l(HCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hvN E'b&  8P!vN@l(ǡBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**h\ E'b&  8P!\@l(ǡBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hݤݓ E'b&  8P!ݤݓ@l(Cl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**h0 E'b&  8P!0@l(Cl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**h E'b&  8P!@l('Cl( , Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**h=˜ E'b&  8P!=˜@l('Cl( , Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**h7 E'b&  8P!7@l(.Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**h E'b&  8P!@l(.Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**@q E'b&  8P!jq@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4c5894e2-b0d8-474f-89df-7da3ceb7429b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a7a5471c-52b6-44b9-950a-36de3858dc4f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h { E'b&  8P!{@l(Bl(H  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h g E'b&  8P!g@l(Bl(H  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h   E'b&  8P! @l(ƢBl(4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h  E'b&  8P!@l(ƢBl(4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h F E'b&  8P!F@l(VCl(8  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h@oF E'b&  8P!@oF@l(VCl(8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h@тK E'b&  8P!@тK@l(ABl(8 $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hPK E'b&  8P!PK@l(ABl(8 $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hͶK E'b&  8P!ͶK@l(DBl(@ t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h'K E'b&  8P!'K@l(DBl(@ t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xLL E'b&  8P!!jLL@l(Bl(@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6ec05342-3f2f-47cd-897f-66351c466b8b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c9722650-f3f4-4dea-9363-8c3702fe7fa2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hoL E'b&  8P!oL@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hL E'b&  8P!L@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**htL E'b&  8P!tL@l(VBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h< M E'b&  8P!< M@l(VBl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hn E'b&  8P!n@l(Cl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hN  E'b&  8P!N @l(Cl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hzn E'b&  8P!zn@l(Cl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h E'b&  8P!@l(Cl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h} E'b&  8P!}@l(Cl(T  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**he/ E'b&  8P!e/@l(Cl(T  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hL[ E'b&  8P!L[@l(2Bl( D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hi E'b&  8P!i@l(2Bl( D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x # E'b&  8P!!j#@l(Cl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3c494704-18fa-4946-90be-baf0875fe953 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e771fb2a-b84d-4041-be77-6e737e8d164d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**h!R E'b&  8P!R@l(mBl($\!Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h"f) E'b&  8P!f)@l(mBl($\"Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h#"\ E'b&  8P!"\@l(Cl(#Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h$tl E'b&  8P!tl@l(Cl($Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h%М E'b&  8P!М@l(ΥBl(< %Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h&# E'b&  8P!#@l(ΥBl(< &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x'c E'b&  8P!!jc@l(Cl(< 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 45074f6c-3dba-4ba0-a52e-a22b4914197e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8a76ce48-1dd9-4cd0-a79b-89e4461b98ec Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h(~E E'b&  8P!~E@l(Bl( (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h)S E'b&  8P!S@l(Bl( )Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h*r E'b&  8P!r@l('Bl(t*Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h+Tր E'b&  8P!Tր@l('Bl(t+Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**x,S E'b&  8P!!jS@l(WCl(t,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 45874129-7f2d-42ca-886b-3bdba6d5cf81 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 55bc8cdc-71e3-485c-83c5-0936ccdc133b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h-y E'b&  8P!y@l([Cl(4-Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h. E'b&  8P!@l([Cl(4.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h/) E'b&  8P!)@l(\Cl(p /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h0z9 E'b&  8P!z9@l(\Cl(p 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h1 ZR E'b&  8P! ZR@l(Bl( 1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h2l)a E'b&  8P!l)a@l(Bl( 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h3r E'b&  8P!r@l(Bl(x D 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h43 E'b&  8P!3@l(Bl(x D 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h5 P E'b&  8P! P@l(SBl( 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h6݆^ E'b&  8P!݆^@l(SBl( 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h7r-n E'b&  8P!r-n@l(Cl( D7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h8~ E'b&  8P!~@l(Cl( D8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h9 E'b&  8P!@l(Bl(T 9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h:W E'b&  8P!W@l(Bl(T :Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**x;, E'b&  8P!!j,@l(UCl(Tl;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 48a64d2e-320d-4609-96bd-eb550059218c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ca0a3097-32de-4901-90c7-6077ae39d36b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h<DL E'b&  8P!DL@l(YCl(<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h=h[ E'b&  8P!h[@l(YCl(=Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h>ز E'b&  8P!ز@l(2Bl(L>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h?q E'b&  8P!q@l(2Bl(L?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h@7V _ E'b&  8P!7V _@l(Cl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hAo._ E'b&  8P!o._@l(Cl(AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hBG>d E'b&  8P!G>d@l(Cl(x @BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hC;Ld E'b&  8P!;Ld@l(Cl(x @CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hD'nd E'b&  8P!'nd@l(Bl(lDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hE|d E'b&  8P!|d@l(Bl(lEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xFyd E'b&  8P!!jyd@l("Bl(FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 69909b11-3a67-4f59-a7f2-0ffd5f69cfba Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d64b0569-3a81-42f3-b030-943d87e4f030 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hGe E'b&  8P!e@l(Cl(\ GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hH(!e E'b&  8P!(!e@l(Cl(\ HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hIe E'b&  8P!e@l(Bl(0IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hJze E'b&  8P!ze@l(Bl(0JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hKrl E'b&  8P!rl@l(SCl(,hKMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hL m E'b&  8P! m@l(SCl(,hLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hMa  E'b&  8P!a @l(Cl(MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hN  E'b&  8P! @l(Cl(NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hOo E'b&  8P!o@l(Bl(` 8OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hP E'b&  8P!@l(Bl(` 8PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hQM E'b&  8P!M@l(Cl( P QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hR* E'b&  8P!*@l(Cl( P RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hSD E'b&  8P!D@l(|Bl(h SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hT E'b&  8P!@l(|Bl(h TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**xU ^ E'b&  8P!!j ^@l( Cl(hUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3baf40e1-7c5d-45fc-b995-b29d0c9aa7b3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c3519a6a-b2f4-4849-8bb6-5f7996d52006 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hVj E'b&  8P!j@l(Bl(, VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PP & hElfChnkWWX;9&(=f?mMFQ&**XWwX E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!wX@l(Bl(, WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hX E'b&  8P!@l(Bl(t XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hY! E'b&  8P!!@l(Bl(t YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hZB E'b&  8P!B@l(ڪBl(p ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**h[Y* E'b&  8P!Y*@l(ڪBl(p [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**@\ƣ E'b&  8P!jƣ@l(!Cl(p \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Qp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8c32934e-872c-4713-a594-8cf7f373b73e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 64e5507b-b942-4048-acd7-3544cd339ef4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h] E'b&  8P!@l(6Bl(P ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**h^ E'b&  8P!@l(6Bl(P ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h_0Q E'b&  8P!0Q@l(9Bl( _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**h` E'b&  8P!@l(9Bl( `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**xaMr E'b&  8P!!jMr@l("Cl( @aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9d3d3fa0-42ff-4f21-be34-ff4cdad4bf27 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = aed081b6-c556-4232-906c-aa07ad24f938 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ." E'b&  8P!>."@l(Q(Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &inh**hKb* E'b&  8P!Kb*@l(V(Cl( D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h}o* E'b&  8P!}o*@l(V(Cl( D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h+ E'b&  8P!+@l(k(Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hӝ+ E'b&  8P!ӝ+@l(k(Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hN+ E'b&  8P!N+@l(Bl(4xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hb+ E'b&  8P!b+@l(Bl(4xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**x0r, E'b&  8P!!j0r,@l(()Cl(4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 75ae09d4-6c14-4790-bb37-b15e94aef0e8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5422ea75-35d3-47cf-951e-f3b46e59667f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h , E'b&  8P! ,@l(,Bl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h콰, E'b&  8P!콰,@l(,Bl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h- E'b&  8P!-@l(D)Cl(L 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hgV- E'b&  8P!gV-@l(D)Cl(L 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hu - E'b&  8P!u -@l(N)Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h;- E'b&  8P!;-@l(N)Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**x'xC. E'b&  8P!!j'xC.@l(3*Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f86aa6ac-336e-4fb8-9ba5-77c42d08bcdb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3847233e-9a07-40d7-b91a-7cd385987389 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hWc. E'b&  8P!Wc.@l(7*Cl(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hp. E'b&  8P!p.@l(7*Cl(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h. E'b&  8P!.@l(*Cl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hm. E'b&  8P!m.@l(*Cl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h2 E'b&  8P!2@l(*Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hh2 E'b&  8P!h2@l(*Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &inh**h{3 E'b&  8P!{3@l(*Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hr3 E'b&  8P!r3@l(*Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x3 E'b&  8P!!j3@l(+Cl(PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7aac3439-7a03-47e9-b0e9-48868b3dc385 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 457bf4f1-c150-474f-8daf-eb08603ebca0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hp:3 E'b&  8P!p:3@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h3 E'b&  8P!3@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h3 E'b&  8P!3@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h3 E'b&  8P!3@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**xKgU4 E'b&  8P!!jKgU4@l(;,Cl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e7e354fe-5ac6-45d8-b003-18c52e65836d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 982804ff-1324-4da2-9759-e46617651166 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Bl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hRc E'b&  8P!Rc@l(>Bl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h z E'b&  8P! z@l(>Cl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h! E'b&  8P!!@l(>Cl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSch**h E'b&  8P!@l(?Cl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a6-h**h E'b&  8P!@l(?Cl(8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hn E'b&  8P!n@l(Bl(pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h E'b&  8P!@l(Bl(pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**xZp E'b&  8P!!jZp@l(xBl(H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 68787c17-6db2-49d0-bc53-54c42c93e1b3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 51039935-8a31-446a-9313-c24154007db1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h+ E'b&  8P!+@l(T?Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hOc E'b&  8P!Oc@l(T?Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-nh**h "TF E'b&  8P!"TF@l(=Bl(xD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h!?R E'b&  8P!?R@l(=Bl(xD !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h" E'b&  8P!@l(1@Cl(L "Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h#7 E'b&  8P!7@l(1@Cl(L #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h$ E'b&  8P!@l(i@Cl($Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h% E'b&  8P!@l(i@Cl(%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h&HF E'b&  8P!HF@l(Bl(0 &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h' E'b&  8P!@l(Bl(0 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x(YCG E'b&  8P!!jYCG@l(%ACl(0 (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 540548f9-95c8-4f91-8eee-d9bc8af579cb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = da5f5b82-14ca-43dc-924f-8a28c1398d1b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h)Ee E'b&  8P!Ee@l('ACl(T H)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h*s E'b&  8P!s@l('ACl(T H*Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h+ E'b&  8P!@l(Bl(( +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h,= E'b&  8P!=@l(Bl(( ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h- 0k E'b&  8P! 0k@l(BCl(p-Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h.>k E'b&  8P!>k@l(BCl(p.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h/$s E'b&  8P!$s@l(BCl( /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h0gYs E'b&  8P!gYs@l(BCl( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h1/u E'b&  8P!/u@l(BCl( < 1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h2R){ E'b&  8P!R){@l(HDCl(>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a {h**h?R{ E'b&  8P!R{@l(Bl(?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h@;ۢ{ E'b&  8P!;ۢ{@l(Bl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hA} E'b&  8P!}@l(DCl(<4AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hB} E'b&  8P!}@l(DCl(<4BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hC1{} E'b&  8P!1{}@l(kBl( 4CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hD} E'b&  8P!}@l(kBl( 4DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**xE;C~ E'b&  8P!!j;C~@l(\Bl( EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f2e6304b-df8c-40d8-a4fb-1412ca0de880 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0dfb6329-f055-42f7-8a68-8a508029d33a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hF'k~ E'b&  8P!'k~@l(]Bl(FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hG5y~ E'b&  8P!5y~@l(]Bl(GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hH9~ E'b&  8P!9~@l(hBl(HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hI~ E'b&  8P!~@l(hBl(IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xJ} E'b&  8P!!j}@l(JBl(T JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ca015c6b-1d23-44b2-a78a-5e4e51dad5bb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9cf5c6a8-d5e3-4794-a59a-f506ac7ff870 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. h E'b&  8P!>h@l(LCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h E'b&  8P!@l(LCl( $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hm E'b&  8P!m@l(LCl( $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h֦ E'b&  8P!֦@l(TBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h E'b&  8P!@l(TBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hG E'b&  8P!G@l(LCl(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hc E'b&  8P!c@l(LCl(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hS> E'b&  8P!S>@l(Bl( < Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h#? E'b&  8P!#?@l(Bl( < Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hA E'b&  8P!A@l(NCl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hPA E'b&  8P!PA@l(NCl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h7A E'b&  8P!7A@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hA E'b&  8P!A@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**x B E'b&  8P!!j B@l(NCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e62fa1d6-3dc6-4d9d-805f-e640f9e4ef95 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 96f795fc-7cd6-4407-a72d-9a3aa62af0ae Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hPB E'b&  8P!PB@l(NCl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h]B E'b&  8P!]B@l(NCl(tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hXC E'b&  8P!XC@l(NCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hE$C E'b&  8P!E$C@l(NCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h E'b&  8P!@l(OCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hc E'b&  8P!c@l(OCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hg E'b&  8P!g@l(PCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hg E'b&  8P!g@l(PCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hI% E'b&  8P!I%@l(PCl(lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hs E'b&  8P!s@l(PCl(lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xU E'b&  8P!!jU@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c6a770ec-9a7d-4aad-bac6-62386052bbda Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2491581d-0798-4ac3-b847-e590ba93b962 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hx E'b&  8P!x@l(kPCl( H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h5 E'b&  8P!5@l(kPCl( H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h2 E'b&  8P!2@l(\Bl(0H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h E'b&  8P!@l(\Bl(0H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hT* E'b&  8P!T*@l(`Bl( H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h8 E'b&  8P!8@l(`Bl( H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h&9 E'b&  8P!&9@l(QCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h) E'b&  8P!)@l(QCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h** J3 E'b&  8P !jJ3@l(hBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational "p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 592b064a-a86b-4bd3-b5c8-3f938176e636 Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" $modules = Get-InstalledModule -ErrorAction SilentlyContinue if ($modules) { foreach ($mod in $modules) { [PSCustomObject]@{ Name = $mod.Name Version = $mod.Version.ToString() Repository = $mod.Repository Author = $mod.Author } | ConvertTo-Json -Compress Write-Output "---SEPARATOR---" } } } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = 422c955b-b5f7-45cb-8bd0-62cb1a6dd79f Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-InstalledModule' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException ig **h{ E'b&  8P!{@l(tBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onfh**h,r E'b&  8P!,r@l(tBl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rCoh**ho E'b&  8P!o@l(gRCl(\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**h E'b&  8P!@l(gRCl(\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hz E'b&  8P!z@l(hRCl(XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r Mh**hɥ E'b&  8P!ɥ@l(hRCl(XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**h-ޥ E'b&  8P!-ޥ@l(RCl(8TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**h1 E'b&  8P!1@l(RCl(8TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**h24 E'b&  8P!24@l(,Bl(0H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hB E'b&  8P!B@l(,Bl(0H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werhell/Operational &ah 8PP & hElfChnk`k(P=f?mMF&a** E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j@l(Bl(0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2e8888b6-ed41-400e-adaa-9599438a5917 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fbbaec85-7c1a-4147-b9a9-c7892a902f1a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ac ** E'b&  8P9!@l(RCl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(d **h~ E'b&  8P!~@l(RCl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hcbo E'b&  8P!cbo@l(PBl(`L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h5 E'b&  8P!5@l(PBl(`L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h E'b&  8P!@l(SBl(0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hJz E'b&  8P!Jz@l(SBl(0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**xQ E'b&  8P!!jQ@l(SCl(0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 207a3719-a739-478b-9c86-71fece272afd Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 14880140-e072-4b9f-916a-c78103738f03 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!>@l(UCl(H LjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af[Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2fdb92ee-53bf-448a-8ead-11c1ae6b72f0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d718fd6d-e606-41c0-85c6-ac0ae69db042 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. >w E'b&  8P!]>>w@l(]Cl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**huOw E'b&  8P!uOw@l(]Cl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**h`ow E'b&  8P!`ow@l(uBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**h|w E'b&  8P!|w@l(uBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**@g x E'b&  8P!jg x@l(^Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 10d8b42a-521d-48f5-98df-74f2594dfc56 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cf43bede-5396-47cf-928d-4fa4f057154b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -@**h j?&x E'b&  8P!j?&x@l(^Cl(p  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h +2x E'b&  8P!+2x@l(^Cl(p  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h x E'b&  8P!x@l(BBl(p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h  x E'b&  8P! x@l(BBl(p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h Kq" E'b&  8P!Kq"@l(Bl(H  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hku" E'b&  8P!ku"@l(Bl(H  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h* E'b&  8P!*@l(_Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h"* E'b&  8P!"*@l(_Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h@D* E'b&  8P!@D*@l(Bl( 0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hdJS* E'b&  8P!dJS*@l(Bl( 0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x * E'b&  8P!!j *@l(`Cl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 164dcaaf-deee-4fc3-b0ad-45831fdd494a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a6f55df9-1b50-4f55-b755-fc59d874a0d1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h'+ E'b&  8P!'+@l(4Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h+ E'b&  8P!+@l(4Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h+ E'b&  8P!+@l(EaCl(< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h+ E'b&  8P!+@l(EaCl(< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hUW E'b&  8P!UW@l(&bCl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hNe E'b&  8P!Ne@l(&bCl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hz E'b&  8P!z@l('bCl(P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h^ E'b&  8P!^@l('bCl(P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hQz E'b&  8P!Qz@l(KbCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hy* E'b&  8P!y*@l(KbCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hjr E'b&  8P!jr@l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hm  E'b&  8P!m @l(Bl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**x C E'b&  8P!!jC@l(tBl(( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e38fcb8f-3b73-40bb-a244-645123977b7c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 14fe4e3d-28d2-4d5c-90ba-98199e8e12a4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**h!< E'b&  8P!<@l(xBl( !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h"9K E'b&  8P!9K@l(xBl( "Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h#t0 E'b&  8P!t0@l(Bl(X #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h$W@> E'b&  8P!W@>@l(Bl(X $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h% e E'b&  8P! e@l( cCl(H %Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h&"v E'b&  8P!"v@l( cCl(H &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x' E'b&  8P!!j@l([cCl(H 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8c2f8f89-2875-41a5-a389-33a8d8bcde36 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 272e78fc-afd3-49c1-8163-44fa2544472d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h( E'b&  8P!@l(\cCl((Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h)O E'b&  8P!O@l(\cCl()Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h*E> E'b&  8P!E>@l(qBl(d *Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h+IM E'b&  8P!IM@l(qBl(d +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**x,b/ E'b&  8P!!jb/@l(Bl( ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 132ccadb-79ed-4364-aaaf-7a2aa87fc63e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = edc060f8-01c5-45f7-a314-1409e2e14d9b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h-{= E'b&  8P!{=@l(dCl(4 L -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h.( E'b&  8P!(@l(dCl(4 L .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h/ E'b&  8P!@l(dCl(@ h /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h0^ E'b&  8P!^@l(dCl(@ h 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h1v* E'b&  8P!v*@l(MBl(l1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h29 E'b&  8P!9@l(MBl(l2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h3b E'b&  8P!b@l(^Bl(H X 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h4ECp E'b&  8P!ECp@l(^Bl(H X 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h5I E'b&  8P!I@l(eCl( 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h6X E'b&  8P!X@l(eCl( 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h76? E'b&  8P!6?@l(UeCl( 7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h8 +M E'b&  8P! +M@l(UeCl( 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h9Op E'b&  8P!Op@l(YeCl(d9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h:՘} E'b&  8P!՘}@l(YeCl(d:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x;E E'b&  8P!!jE@l(eCl(;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 76c536e5-f900-4944-9a27-3acba27984d1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7193f66d-2b32-4dfd-ad30-84cadcd7a120 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h<e E'b&  8P!e@l(UBl(l <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h=F( E'b&  8P!F(@l(UBl(l =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h>V E'b&  8P!V@l(Bl(L >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h?z E'b&  8P!z@l(Bl(L ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h@3; E'b&  8P!3;@l(GgCl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hA8f-; E'b&  8P!8f-;@l(GgCl( AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hB]JB E'b&  8P!]JB@l(gCl(< BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hC#B E'b&  8P!#B@l(gCl(< CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hDOFB E'b&  8P!OFB@l(Bl( DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hEoUB E'b&  8P!oUB@l(Bl( EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xFB E'b&  8P!!jB@l(Bl( FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3ff77557-b162-4ed9-a1a5-c0da571fa288 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 35808c49-103c-4d90-83f0-a0999e150988 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hGe=B E'b&  8P!e=B@l(Bl(X GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hHC E'b&  8P!C@l(Bl(X HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hIGuC E'b&  8P!GuC@l(Bl( IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hJC E'b&  8P!C@l(Bl( JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hK E'b&  8P!@l(bBl(8KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hLG E'b&  8P!G@l(bBl(8LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hM E'b&  8P!@l(gBl(T MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hNw E'b&  8P!w@l(gBl(T NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hO  E'b&  8P! @l(Bl( l OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hPc E'b&  8P!c@l(Bl( l PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hQY[ E'b&  8P!Y[@l(iCl( QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hRLi E'b&  8P!Li@l(iCl( RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**xS E'b&  8P!!j@l(pjCl( SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7ca73bfd-8b75-47b4-b3e0-21750f2b32f9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 012c4f4e-c55e-4658-9728-26242f89c915 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hTǟ E'b&  8P!ǟ@l(tjCl(dXTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hU" E'b&  8P!"@l(tjCl(dXUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hV*  E'b&  8P!* @l(Bl(P VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PP & hElfChnkWWƴ&^%( =f?mMF &**XW( E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!(@l(Bl(P WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hXE> E'b&  8P!E>@l(jCl( H XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hY'L E'b&  8P!'L@l(jCl( H YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**@Z} E'b&  8P!j}@l(kCl( ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A? oData= ContextInfo A' =UserData A% =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2d0bbe5f-e294-4dcb-ab72-4658187e4700 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 44f92d40-b830-46c0-8882-e967aaeb84b9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h[ E'b&  8P!@l(Bl( [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**h\ E'b&  8P!@l(Bl( \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h]k E'b&  8P!k@l(kCl( ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**h^ E'b&  8P!@l(kCl( ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**x_&c E'b&  8P!!j&c@l(RlCl( _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 920d16d8-fd04-4819-97f2-8e36cf078e9f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7206a8ec-bd76-4b59-bae9-14a76c406908 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. К\ E'b&  8P!>К\@l(nqCl((|}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h~3 E'b&  8P!3@l(KrCl( ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h 8 E'b&  8P! 8@l(KrCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h~`] E'b&  8P!~`]@l(LBl( L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h7 E'b&  8P!n2>7@l(Cl(0\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hL7 E'b&  8P!L7@l(Cl(0\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hs]8 E'b&  8P!s]8@l(Cl(` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h0"8 E'b&  8P!0"8@l(Cl(` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hue8 E'b&  8P!ue8@l(CBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h3s8 E'b&  8P!3s8@l(CBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**x!,8 E'b&  8P!!j!,8@l( Cl(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 442fc9a7-02a6-44f6-904d-11fdafa5222c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bab493b6-e348-4a62-8102-232b9e5fd55d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @l(Bl( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @IPEnabled -a E'b&  8P |jp@l(mBl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 012c4f4e-c55e-4658-9728-26242f89c915 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hTǟ E'b&  8P!ǟ@l(tjCl(dXTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hU" E'b&  8P!"@l(tjCl(dXUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hV*  E'b&  8P!* @l(Bl(P VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PP & hElfChnkOOX9 Tn+ȳ(P=f?mMF&a**1> E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j1>@l(Bl( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1762b21c-d251-40a9-9eba-5477c34acea4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bc3346d7-4d1b-41fe-8ee5-a1641ba1e0dc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ura**j[> E'b&  8P9!j[>@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(ma**hOvg> E'b&  8P!Ovg>@l(Bl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hd> E'b&  8P!d>@l(Bl(4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hP> E'b&  8P!P>@l(Bl(4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**x)? E'b&  8P!!j)?@l(qBl(4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f1732563-536a-48e1-9476-453b347cd4a7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c52d2b2c-732b-4bcb-800e-ee002addd068 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hz$? E'b&  8P!z$?@l(pCl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h3b2? E'b&  8P!3b2?@l(pCl(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h5R? E'b&  8P!5R?@l(rCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hYEb? E'b&  8P!YEb?@l(rCl( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hFy? E'b&  8P!Fy?@l( Bl(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h>7? E'b&  8P!>7?@l( Bl(h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a4Z E'b&  8P!4Z@l(#Cl(Pt>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h?![ E'b&  8P!![@l(#Cl(Pt?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h@#=4[ E'b&  8P!#=4[@l(ACl( @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hAC[ E'b&  8P!C[@l(ACl( AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hBRY[ E'b&  8P!RY[@l(Bl( BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hCg[ E'b&  8P!g[@l(Bl( CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hDߔt[ E'b&  8P!ߔt[@l(Bl( `DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hEA[ E'b&  8P!A[@l(Bl( `EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hFa E'b&  8P!a@l(Bl( FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hGET E'b&  8P!ET@l(Bl( GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aƩ E'b&  8P!!j>Ʃ@l(8Cl(Xl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ae6588fc-6eba-4bae-8ea1-fd724ec1b5f1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c515a343-a4cd-4d77-87c7-066ae78ac644 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hŠ E'b&  8P!@l( Cl(T ŠMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hÊ_t E'b&  8P!_t@l( Cl(T ÊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hĊHD E'b&  8P!HD@l(%Cl(XĊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hŊR E'b&  8P!R@l(%Cl(XŊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hƊK  E'b&  8P!K @l(Cl(ƊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hNJ E'b&  8P!@l(Cl(NJMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hȊ E'b&  8P!@l(Cl(( |ȊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hɊ E'b&  8P!@l(Cl(( |ɊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hʊ E'b&  8P!@l(ءCl(48ʊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hˊ E'b&  8P!@l(ءCl(48ˊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h̊aݙ E'b&  8P!aݙ@l(ߡCl(̊Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h͊ E'b&  8P!@l(ߡCl(͊Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xΊ۸n E'b&  8P!!j۸n@l(fCl( ΊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 12ce36ce-a3e5-4f2f-aa93-da4bd03aa500 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2de012e8-c8f9-4f1b-b17f-1adade53bcd1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hϊ E'b&  8P!@l(UCl(` , ϊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hЊKL E'b&  8P!KL@l(UCl(` , ЊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hъBǡ E'b&  8P!Bǡ@l(Cl(H ъMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hҊա E'b&  8P!ա@l(Cl(H ҊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hӊb E'b&  8P!b@l(Cl(P ӊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hԊ E'b&  8P!@l(Cl(P ԊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xՊ| E'b&  8P!!j|@l(Cl(P ՊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 580d3ef2-7118-49f5-95fa-03c12132a5a5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = de610c5f-d80a-4937-bd36-0bfa8089798a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**h֊ E'b&  8P!@l(Cl(֊Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h׊x  E'b&  8P!x @l(Cl(׊Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h؊&jڢ E'b&  8P!&jڢ@l(2Cl(l ؊Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hي E'b&  8P!@l(2Cl(l يMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**xڊ` E'b&  8P!!j`@l(Cl(l ڊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 01408fa3-5fcc-442f-ae71-1c3cffeae9ad Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9fa8b855-96d8-4f9c-8ed5-279f9e49a098 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hۊo E'b&  8P!o@l(Cl(tۊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h܊[ E'b&  8P![@l(Cl(t܊Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h݊ E'b&  8P!@l(Cl( ݊Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hފ E'b&  8P!@l(Cl( ފMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xߊoB E'b&  8P!!joB@l(qCl( ߊMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d15bad83-c93b-49ea-9a4b-34a191053f1a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 09715af9-fd94-49b8-8dcf-e91b57062394 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8 E'b&  8P!8@l(Cl(>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h?$ E'b&  8P!$@l(Cl(?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h@ۯ E'b&  8P!ۯ@l(Cl(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hA E'b&  8P!@l(Cl(AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hBޞ E'b&  8P!ޞ@l(gCl( BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hC E'b&  8P!@l(gCl( CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xDc E'b&  8P!!jc@l(vCl(  DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e936af8c-8078-452a-af20-f26fcb58915f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d6a1a668-7d60-4fbe-b47d-f7069a8fea05 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hE_W E'b&  8P!_W@l(zCl( EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hFC E'b&  8P!C@l(zCl( FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hG E'b&  8P!@l(Cl(, GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hH E'b&  8P!@l(Cl(, HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdhess } | Sele E'b&  8Pacj0@l(Cl(,IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ = 2d130556-1c40-4ee6-a45a-e8f381fb701e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. < E'b&  8P!&><س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h2J< E'b&  8P!2J<س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hšk< E'b&  8P!šk<س·Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hy< E'b&  8P!y<س·Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**xš< E'b&  8P!!jš<س𷥖(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f29cb8c8-7d24-46aa-81cd-cd21fd277076 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f445e231-5651-425b-8cbd-052f860e74eb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d-x**h = E'b&  8P! =س򷥖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h~P.= E'b&  8P!~P.=س򷥖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hlR= E'b&  8P!lR=سpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h^= E'b&  8P!^=سpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**x* = E'b&  8P!!j* =سҹpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cc5cd7c8-191a-4d57-a432-1d8987f9a382 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c3ad0fbb-af85-44a6-99b0-590664f8ba08 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 0-x**h= E'b&  8P!=س9$0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hK= E'b&  8P!K=س9$0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hK!> E'b&  8P!K!>سٹ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h0> E'b&  8P!0>سٹ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h\F> E'b&  8P!\F>سոd ` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hbT> E'b&  8P!bT>سոd ` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hT}> E'b&  8P!T}>سDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hׇ> E'b&  8P!ׇ>سDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hqT E'b&  8P!qTسHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hid E'b&  8P!idسHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hiC E'b&  8P!iCس޺Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hQ E'b&  8P!Qس޺Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Whdows-PowerSh E'b&  8Prational ElfChnk@-w+U(L =f?mMF &**XEr E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!Erس溥@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h~ E'b&  8P!~س溥@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**@ E'b&  8P!jسLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?L oData= ContextInfo A'L =UserData A%L =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a85c4001-fd67-4c76-88a8-fd8bed1329ce Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1a85defe-8d7c-4cb8-92f3-2f989972f3d0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. e@**h< E'b&  8P!<سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h!% E'b&  8P!!%سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**h= E'b&  8P!=سֹL @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h~ E'b&  8P!~سֹL @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**hEI& E'b&  8P!EI&س>(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**h52 E'b&  8P!52س>(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**h  E'b&  8P! سd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-h**h$ E'b&  8P!$سd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hqB E'b&  8P!qBس8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hBN E'b&  8P!BNس8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**xŢ E'b&  8P!!jŢسX8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 30afc061-cc0d-41c0-8208-313befe82da6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 53fcbd01-d123-4146-ad2d-5e4156f9def9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hߢ E'b&  8P!ߢسZ8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h E'b&  8P!سZ8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eIh**h8V E'b&  8P!8VسC Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h$b E'b&  8P!$bسC Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h8 E'b&  8P!8س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hG08 E'b&  8P!G08س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h5A E'b&  8P!5Aس| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hNAA E'b&  8P!NAAس| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hA E'b&  8P!Aس(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hA E'b&  8P!Aس(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**x"B E'b&  8P!!j"Bسf(TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5d3f3931-344f-48d3-8616-796c65cba792 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bb125860-584b-493e-b028-669d2b73b739 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h,;B E'b&  8P!,;Bس־ LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hFB E'b&  8P!FBس־ LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hlJ E'b&  8P!lJس羥4 (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hMJ E'b&  8P!MJس羥4 (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hTJ E'b&  8P!TJسLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hoZJ E'b&  8P!oZJسLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**xQjK E'b&  8P!!jQjKس񿥖LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 32ef9070-52d3-4249-bc4f-d77be9eb5f9c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 64ae7abe-8829-434a-bee3-cc37656dd9b8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hАK E'b&  8P!АKسϼd ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hԼK E'b&  8P!ԼKسϼd ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hqK E'b&  8P!qKس󿥖 (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h]K E'b&  8P!]Kس󿥖 (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**x4L E'b&  8P!!j4Lسd  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fc183ebb-1251-4226-8bbd-405aaf0b00ac Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 21e52e6b-9768-422f-b324-aca77338a4d5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Gx**h] PL E'b&  8P!] PLسd8XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-anh**h[L E'b&  8P![Lسd8XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &y -h**hL E'b&  8P!LسpL d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hLL E'b&  8P!LLسpL d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h_L E'b&  8P!_Lس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hUL E'b&  8P!ULس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hL E'b&  8P!Lس, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h#L E'b&  8P!#Lس, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h‹2w E'b&  8P!2wس<xD ‹Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hË E'b&  8P!س<xD ËMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hċ[ E'b&  8P![س 8ċMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hŋ E'b&  8P!س 8ŋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hƋ] E'b&  8P!]س4D ƋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hNj3 E'b&  8P!3س4D NjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**xȋv E'b&  8P!!jvس9¥4 ȋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 58873366-e105-49db-9b3a-a776ef82353a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cbd11467-75b1-4490-a776-1e735f135a4b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hɋ<[ E'b&  8P!<[س ɋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hʋ@G E'b&  8P!@Gس ʋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hˋv E'b&  8P!vسˋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h̋y E'b&  8P!yس̋Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h͋*Ӊ E'b&  8P!*Ӊس å0 ͋Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**h΋ މ E'b&  8P! މس å0 ΋Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hϋH E'b&  8P!Hسå ϋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hЋ E'b&  8P!سå ЋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hы6ð E'b&  8P!6ðس$ ыMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hҋΰ E'b&  8P!ΰس$ ҋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xӋn%E E'b&  8P!!jn%Eس$ ӋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9adc97e0-235c-4b00-a9fe-ddd55e7002a1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b4b5fed3-25c3-47cc-81a7-9986cc761944 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Hox**hԋb E'b&  8P!bس+å ԋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hՋ`n E'b&  8P!`nس+å ՋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h֋Paر E'b&  8P!Paرس$ ֋Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**h׋ E'b&  8P!س$ ׋Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**h؋Ǥ< E'b&  8P!Ǥ<سiĥT ؋Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hًJű< E'b&  8P!Jű<سiĥT ًMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hڋMYP E'b&  8P!MYPسmĥ x ڋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hۋ8eP E'b&  8P!8ePسmĥ x ۋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**h܋\ E'b&  8P!\سåL܋Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &74eh**h݋"\ E'b&  8P!"\سåL݋Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**ދ7\ E'b&  8P]!j7\سĥދMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8272d9d7-1bf6-4c67-9184-497818d7df7e Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-tciqvrz3.xxl.ps1 Engine Version = 4.0 Runspace ID = 8ab386cf-784c-44e4-9fd9-bc8c83674440 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8**hߋٺB\ E'b&  8P!ٺB\سĥߋMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**hwN\ E'b&  8P!wN\سĥMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &icyh**x5g\ E'b&  8P!!j5g\سĥMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c1532055-db46-438d-b8c6-7a2cd27ebb30 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 51b04b82-d685-402e-af6e-aa5f2e46ac33 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**h \ E'b&  8P! \سĥDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h\ E'b&  8P!\سĥDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hi>?_ E'b&  8P!i>?_سmĥp  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h#*K_ E'b&  8P!#*K_سmĥp  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h d_ E'b&  8P! d_سĥMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**ho_ E'b&  8P!o_سĥMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-j{_س[ťd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @P!idسHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hiC E'b&  8P!iCس޺Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hQ E'b&  8P!Qس޺Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Whdows-PowerSh E'b&  8Prational ElfChnk77`S%Rǜ(P=f?mMF&a**{_ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j{_س[ťd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b0934140-e447-4642-9b66-2e975e48038f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cd36ab0c-bad6-4441-ace6-8ae2c326e63e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **Ik E'b&  8P9!IkسĥMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( S**h?Uk E'b&  8P!?UkسĥMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeh**h?u E'b&  8P!?uسĥ |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hA v E'b&  8P!A vسĥ |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h:Iv E'b&  8P!:Ivسhť Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h>Wv E'b&  8P!>Wvسhť Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**x;v E'b&  8P!!j;vسƥ D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e1b199f8-111f-4e7f-837f-49ff72ac6d53 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f7983dcb-8abc-4749-b43c-be5bfbd90096 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h!v E'b&  8P!!vسƥ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hv E'b&  8P!vسƥ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**ḧ́w E'b&  8P!̈́wسfƥ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hDyw E'b&  8P!Dywسfƥ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hYw E'b&  8P!YwسRťlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hBw E'b&  8P!BwسRťlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**xVQx E'b&  8P!!jVQxسǥMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3ba1ef89-ad97-4af5-bf7b-215710a843b7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1ea279b2-08a0-4c0f-a6d4-2c9c68d0d496 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 3-x**hzx E'b&  8P!zxسǥ <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hPx E'b&  8P!Pxسǥ <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hx E'b&  8P!xسťMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hx E'b&  8P!xسťMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**x y E'b&  8P!!j yسuǥMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f22c679f-bc3c-42cb-96ff-72d6928c4683 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bfd18efd-77e5-45fb-b86e-fecc6b897182 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  29 E'b&  8P! 29س̥ L >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**h??9 E'b&  8P!?9س̥ L ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h@G9 E'b&  8P!G9سѥ< @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hA$9 E'b&  8P!$9سѥ< AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hBEx E'b&  8P!ExسΥ| BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hC1 E'b&  8P!1سΥ| CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hD; E'b&  8P!;سBΥDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hE\I E'b&  8P!\IسBΥEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hF$g E'b&  8P!$gس9ҥ@ 0FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hGu E'b&  8P!uس9ҥ@ 0GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xH9C E'b&  8P!!j9Cس%ϥ@ 0HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 85f595d4-06d9-435c-b2f1-948ff775599c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 55e67c55-cea9-4587-9e87-52e1f17c8b20 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hI"  E'b&  8P!" س(ϥ IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hJ'  E'b&  8P!' س(ϥ JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hK'g E'b&  8P!'gسҥ pKMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hLR E'b&  8P!Rسҥ pLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hMUJ E'b&  8P!UJسҥ MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hNX E'b&  8P!Xسҥ NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hO~ E'b&  8P!~سХ OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hP E'b&  8P!سХ PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hQq E'b&  8P!qس]ӥ8 QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hR~ E'b&  8P!~س]ӥ8 RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hSݼ E'b&  8P!ݼسbӥ@ SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hTț E'b&  8P!țسbӥ@ TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xU T@ E'b&  8P!!j T@سХ@ UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7048d262-af54-4940-a47d-d2e791593c91 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8746a6c6-3420-4fb2-8445-11d44a17a0cc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**hVYj E'b&  8P!YjسХ VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hWEv E'b&  8P!EvسХ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX*  E'b&  8P!* س ѥD XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hYȩ E'b&  8P!ȩس ѥD YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hZ @ E'b&  8P! @سѥ| ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h[dA E'b&  8P!A>dAسݥ @ČMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!>س楖PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h7^ E'b&  8P!7^س楖$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h{i E'b&  8P!{iس楖$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**x E'b&  8P!!jس饖TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e2ee592f-f94c-424e-9417-d0130387c6ee Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4d9e772e-6f28-4f36-85ec-68713c015901 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h  E'b&  8P!س饖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h q E'b&  8P!qس饖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h 42 E'b&  8P!42س饖0 D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h A E'b&  8P!Aس饖0 D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**x  E'b&  8P!!jس祖0  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ba28be5f-480e-43ef-af8a-ce126163fe31 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4f1e21b1-8a83-4544-8c43-d686882126d0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. w E'b&  8P!>wس祖X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hC E'b&  8P!Cس祖X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hik E'b&  8P!ikسi襖 lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hw E'b&  8P!wسi襖 lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**he9 E'b&  8P!e9س꥖4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hG E'b&  8P!Gس꥖4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hUd E'b&  8P!Udس襖\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hJp E'b&  8P!Jpس襖\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xް E'b&  8P!!jްس饖\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 24f8afc3-e1f9-4ef7-b3b1-c110552ade71 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 43db8204-d200-4fc4-bd7b-96f6c33b3ae2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hW E'b&  8P!Wس"饖l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h E'b&  8P!س"饖l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hs?v E'b&  8P!s?vس륖0 LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h { E'b&  8P!{س륖0 L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h!<@ E'b&  8P!<@س쥖!Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h"&rJ@ E'b&  8P!&rJ@س쥖"Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h#, c E'b&  8P!, cس꥖@#Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**h$Dc E'b&  8P!Dcس꥖@$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h%-5c E'b&  8P!-5cس꥖ %Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h&*|Cc E'b&  8P!*|Ccس꥖ &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**x'c E'b&  8P!!jcسU륖 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1e5995c3-80e6-49b0-bf44-def87383ce7b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 831628de-e574-4198-973b-fbe92ee6c961 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. drx**h(c E'b&  8P!cسV륖x (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h)_c E'b&  8P!_cسV륖x )Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h* Jd E'b&  8P! Jdس륖D*Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**h+Wd E'b&  8P!Wdس륖D+Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h, E'b&  8P!س ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h- E'b&  8P!س -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h.d_ E'b&  8P!d_سb00 .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h/ p E'b&  8P! pسb00 /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h0?u E'b&  8P!?uس쥖@0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h1Wރ E'b&  8P!Wރس쥖@1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h2 E'b&  8P!س쥖h2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h3# E'b&  8P!#س쥖h3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8Prational ElfChnk44pN8o4(L =f?mMF &**X4hj E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!hjس4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h5v E'b&  8P!vس5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**6߉ E'b&  8P'!j߉س6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?L oData= ContextInfo A'L =UserData A%L =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9ccbcd0f-8c26-48b5-a6ef-39710549ddee Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-lsz512bg.l0d.ps1 Engine Version = 4.0 Runspace ID = 36a572a9-d258-439d-a88d-9020b566cbb9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Co**h7 E'b&  8P!س 7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ateh**h8gC E'b&  8P!gCس 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &PGah**x9HU E'b&  8P!!jHUس 9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d030461e-8262-4162-ba94-28a4208db737 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9a06be82-b5ba-448b-a10f-57b7e41743a8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h:uH E'b&  8P!uHسh:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h;6T E'b&  8P!6Tسh;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h<Lz E'b&  8P!Lzس $ <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h=T E'b&  8P!Tس $ =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h>]| E'b&  8P!]|س,8 >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h?eh E'b&  8P!ehس,8 ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**x@ E'b&  8P!!jس稜,8@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ee3e034f-a820-4416-b657-9fc3b65c8da4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2e329dbf-7dea-4921-8362-eb5b43283173 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hA" E'b&  8P!"س稜 AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hBm" E'b&  8P!m"س稜 BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hC-f- E'b&  8P!-f-س稜 dCMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hD9r- E'b&  8P!9r-س稜 dDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hE- E'b&  8P!-سEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hF- E'b&  8P!-سFMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xG. E'b&  8P!!j.سGMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d88720c3-480d-4a84-aa02-67719f17e80f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9ed35ec4-3199-4153-a960-6a0e33c92ab7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. twx**hHK. E'b&  8P!K.س HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**hI_Y. E'b&  8P!_Y.س IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**hJ:0 E'b&  8P!:0س0p JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**hK 0 E'b&  8P! 0س0p KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hL(0 E'b&  8P!(0س LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hM}0 E'b&  8P!}0س MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xNq`1 E'b&  8P!!jq`1س稜$NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 96a153c2-8791-4d99-8226-48b284d143a6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b1f806a6-23f7-424d-bfa3-8ccc26214c1e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. erx**hOނ1 E'b&  8P!ނ1سXOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &trih**hP-1 E'b&  8P!-1سXPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etAh**hQѯ1 E'b&  8P!ѯ1س \ QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &'00h**hRo1 E'b&  8P!o1س \ RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & cah**xSd%2 E'b&  8P!!jd%2س  SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dc615b8c-6dc5-4827-b37b-cf982beb8b6d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 96a17c8d-d106-496a-999b-d7e360a4c6a1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hTWA2 E'b&  8P!WA2سQ稜@ TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & 4.h**hUĥO2 E'b&  8P!ĥO2سQ稜@ UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ferh**hVɛ2 E'b&  8P!ɛ2س|稜VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &trih**hW 2 E'b&  8P! 2س|稜WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etAh**hX~2 E'b&  8P!~2س稜  XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &'00h**hY@2 E'b&  8P!@2س稜D YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & cah**hZ2 E'b&  8P!2س稜  ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &worh**h[ 2 E'b&  8P! 2س稜D [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**h\ E'b&  8P!سZ \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**h] E'b&  8P!سZ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**h^E E'b&  8P!EسvL^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**h_t1 E'b&  8P!t1سvL_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h`a E'b&  8P!aس l `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**ha#w E'b&  8P!#wس l aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xbGd E'b&  8P!!jGdسc bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c1b33644-3e85-4513-bbc1-e9ce904fb495 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9a67e9ce-c799-4b5f-82af-157b372eee14 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. mex**hc E'b&  8P!س8cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**hd E'b&  8P!س8dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**heT  E'b&  8P!T س<XeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hf1 E'b&  8P!1س<XfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hg|q| E'b&  8P!|q|س2\ gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hh}| E'b&  8P!}|س2\ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**higa E'b&  8P!gaسL iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hj E'b&  8P!سL jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hk" E'b&  8P!"س dkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hlȁĖ E'b&  8P!ȁĖس dlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xm2 E'b&  8P!!j2س1 (mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a2ac4622-d18b-49f7-b57c-d2a54a7e3f99 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 21d9a661-dbb1-4460-80d4-dc7af3b4c132 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. cax**hnL E'b&  8P!Lس5` LnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &worh**hoX E'b&  8P!Xس5` LoMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**hp,— E'b&  8P!,—س,XpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**hqΗ E'b&  8P!Ηس,XqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**hr=B/ E'b&  8P!=B/سD rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**hs)N/ E'b&  8P!)N/سD sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**htO2 E'b&  8P!O2س,<tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hu/^2 E'b&  8P!/^2س,<uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hv}7 E'b&  8P!}7س0| vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hwlj7 E'b&  8P!lj7س0| wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hx4a; E'b&  8P!4a;س4 xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hyM; E'b&  8P!M;س4 yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hzR< E'b&  8P!R<س7HzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h{ < E'b&  8P! <س7H{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**x|?< E'b&  8P!!j?<س*H |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 78808fc2-9407-4916-ab41-8c7da518204a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 56cd7d5f-b76e-4830-8c61-ee8dec8fd20e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. mex**h}I1< E'b&  8P!I1<س}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**h~mX< E'b&  8P!mX<س~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hD E'b&  8P!DسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hHD E'b&  8P!HDس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hdӫD E'b&  8P!dӫDسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hD E'b&  8P!Dس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hUD E'b&  8P!UDس\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hD E'b&  8P!Dس\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Whdows-PowerSh E'b&  8PE'bj(LWEس\ @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @dows-PowerShell/Operational &a8h**h0?u E'b&  8P!?uس쥖@0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h1Wރ E'b&  8P!Wރس쥖@1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h2 E'b&  8P!س쥖h2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h3# E'b&  8P!#س쥖h3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8Prational ElfChnkڍڍ(rS_{(P=f?mMF&a**(LWE E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j(LWEس\ @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ed71aa19-040e-47fb-94c1-067ec673b49a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = aab10fd2-ad37-4a29-a3df-41f0ec78d311 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. etR**I}E E'b&  8P9!I}EسbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(n **hE E'b&  8P!EسbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hE E'b&  8P!Eسh h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hE E'b&  8P!Eسh h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**xF E'b&  8P!!jFسgh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 43259c2b-1437-4dbf-baad-942c7b3e14d7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 154c3c0a-4da9-44dc-8576-894e6eea6091 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**h.F E'b&  8P!.Fس| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acath**h:F E'b&  8P!:Fس| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**hNrF E'b&  8P!NrFس8$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hGz~F E'b&  8P!Gz~Fس8$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hF E'b&  8P!Fس4x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hQF E'b&  8P!QFس4x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hF E'b&  8P!Fس0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hUF E'b&  8P!UFس0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hEw E'b&  8P!Ewس; @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h'# E'b&  8P!'#س; @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hL E'b&  8P!Lس ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hy E'b&  8P!yس ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hx E'b&  8P!xس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hl E'b&  8P!lس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xd E'b&  8P!!jdس& Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4864bb48-3bbf-4c34-8b68-962da917c509 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e88cb12f-93aa-4765-ac5b-245ea8334ce0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hT} E'b&  8P!T}سOt Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h? E'b&  8P!?سOt Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hl) E'b&  8P!l)س, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h5 E'b&  8P!5س, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h E'b&  8P!س/D4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**ha E'b&  8P!aس/D4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hR E'b&  8P!Rس)$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h匪 E'b&  8P!匪س)$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hȩ E'b&  8P!ȩس |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hp E'b&  8P!pس |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hoh**xQ`$ E'b&  8P!!jQ`$س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a6a1c96f-6ced-419e-8b91-15d9443a00d2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1adadb77-ab6f-451e-9dd1-aafe76725a38 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h? E'b&  8P!?سW Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hK E'b&  8P!KسW Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h E'b&  8P!س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hUū E'b&  8P!Uūس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hoh**h{qB E'b&  8P!{qBس4 DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aExeh**h=B E'b&  8P!=Bس4 DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hG E'b&  8P!Gس8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**h G E'b&  8P! Gس8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**hg,J E'b&  8P!g,JسHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arouh**hzJ E'b&  8P!zJسHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hOWU  E'b&  8P!WU س  >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-anh**h?_Ca  E'b&  8P!_Ca س  ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &y -h**h@#A  E'b&  8P!#A س<H 0 @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hAյǗ  E'b&  8P!յǗ س<H 0 AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hBٺї  E'b&  8P!ٺї س=| BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hCTzߗ  E'b&  8P!Tzߗ س=| CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hDd  E'b&  8P!d س> DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hE)w  E'b&  8P!)w س> EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hFpf+  E'b&  8P!pf+ سe @FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hG׭w+  E'b&  8P!׭w+ سe @GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hHH  E'b&  8P!H س  HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hIH  E'b&  8P!H س  IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hJ_ I  E'b&  8P!_ I س#(dJMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hK0I  E'b&  8P!0I س#(dKMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**xL I  E'b&  8P!!j I س(LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 088d0b1d-a726-4d08-84d7-4dd59167a730 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 00ef6faf-269b-4a06-be84-6ebff1e58070 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hMbI  E'b&  8P!bI سn X MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hNFSI  E'b&  8P!FSI سn X NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hOJ  E'b&  8P!J س OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hP+J  E'b&  8P!+J س PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hQH7  E'b&  8P!H7 سV ,0 QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hR4C  E'b&  8P!4C سV ,0 RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hSz  E'b&  8P!z سa SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hTf  E'b&  8P!f سa TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hUO  E'b&  8P!O س xUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hV  E'b&  8P! س xVMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xWڥU  E'b&  8P!!jڥU سx WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 222df2d7-36e4-4492-ad37-d27ab3560d3f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8ce12f5a-9352-4236-bd60-68317f398c96 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hXp  E'b&  8P!p س < XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hY |  E'b&  8P! | س < YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hZ  E'b&  8P! س.T ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**h[ؑ  E'b&  8P!ؑ س.T [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h\  E'b&  8P! س2T \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**h]+  E'b&  8P!+ س2T ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**h^c  E'b&  8P!c س+0 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &09ah**h_  E'b&  8P! س+0 _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**h`g?  E'b&  8P!g? سv  `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**haK  E'b&  8P!K سv  aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hbӊ  E'b&  8P!ӊ س|bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc'  E'b&  8P!' س|cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xdk  E'b&  8P!!jk سT| dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e346fdf8-045e-4cd6-b95a-a77a5ba16786 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 35e02f77-3541-4090-813c-3e0ccf21f7c4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**he\"6  E'b&  8P!\"6 سDeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &horh**hf\A  E'b&  8P!\A سDfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &unsh**hg*}  E'b&  8P!*} سHgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hh  E'b&  8P! سHhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &le h**hi  E'b&  8P! سT iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Chh**hjij  E'b&  8P!ij سT jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**xk3  E'b&  8P!!j3 سDT XkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 168fab75-c117-43f5-ad7c-08ed8bc7fdde Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 138c6e56-ecb8-42b0-9a11-0b712b1b73e7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 60x**hl4  E'b&  8P!4 سE lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ry h**hmUr@  E'b&  8P!Ur@ سE mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hn丯  E'b&  8P!丯 سT nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &.Inh**howԯ  E'b&  8P!wԯ سOp0oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hp  E'b&  8P! سOp0pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &k }h**hqUj  E'b&  8P!Uj س  qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-Obh**hry  E'b&  8P!y س  rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &re-h**xs.|  E'b&  8P!!j.| س sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f3bb13cd-3ad9-41b6-8960-b48c16a703ff Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fca84456-aa0b-4c4a-91e0-50f04d6b88b0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. elx**htp  E'b&  8P!p سtP tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**hu[\  E'b&  8P![\ سtP uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**hvͰ  E'b&  8P!Ͱ س} DvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-68h**hwuٰ  E'b&  8P!uٰ س} DwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ry h**xx?  E'b&  8P!!j? س  \xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d1631d1c-ea3f-43ba-876a-680aa99335ce Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e32b15f1-835a-4b49-a94f-fb5f31b2af80 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x  8Prational ElfChnkyҎyҎ`Wa54(,=f?mMF&**Xyv Y  E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!v Y سOD yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hzK\d  E'b&  8P!K\d سOD zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h{  E'b&  8P! س` L{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h|x  E'b&  8P!x س` L|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**h}Ʊ  E'b&  8P!Ʊ سj4}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h~/ұ  E'b&  8P!/ұ سk0 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hOұ  E'b&  8P!Oұ سj4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**h:ޱ  E'b&  8P!:ޱ سk0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**hC E'b&  8P!Cس4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h@C E'b&  8P!@Cس4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**hb E'b&  8P!bس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**hb E'b&  8P!bس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Rh**hv)c E'b&  8P!v)cسt ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r =h**h(c E'b&  8P!(cسt ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &resh**@{~c E'b&  8P!j{~cس/t < Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?,oData= ContextInfo A',=UserData A%,=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0bb0c86a-411a-408f-add3-67621f5a4162 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c71cb0af-54c7-47ae-aff5-07546009716d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hI͚c E'b&  8P!I͚cس0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc E'b&  8P!cس0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h:@d E'b&  8P!:@dس@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h+d E'b&  8P!+dس@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h]1 E'b&  8P!]1س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hyE E'b&  8P!yEس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**haƫ E'b&  8P!aƫسH\ 4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hv E'b&  8P!vسH\ 4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h$H E'b&  8P!$HسNMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hI E'b&  8P!IسNMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**x!g E'b&  8P!!j!gسh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6e88119e-fdde-4226-85cf-8faad718c5b7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 54f9de6e-b163-4209-8acf-6e82d320f6ec Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h E'b&  8P!سlp p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h' E'b&  8P!'سlp p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h E'b&  8P!س0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hz  E'b&  8P!z س0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hw E'b&  8P!wس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hIe E'b&  8P!Ieس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hyͻ E'b&  8P!yͻس4pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h^ۻ E'b&  8P!^ۻس4pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h84 E'b&  8P!84س#8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h| E'b&  8P!|س#8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h+P E'b&  8P!+Pس{DDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h; E'b&  8P!;س{DDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x E'b&  8P!!jسED Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3d807cbf-c1cf-4ce0-9655-c9da34ab3844 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4fabdf52-c0ae-4366-a322-4703c70f3a39 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**h Q E'b&  8P! Qس[ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h; E'b&  8P!;س[ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h*{ E'b&  8P!*{سr(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h E'b&  8P!سr(  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h? E'b&  8P!?س,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h E'b&  8P!س,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**x#! E'b&  8P!!j#!س,T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1c3905ad-5599-4ba1-90fb-393392c12eb8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cf85649e-e196-478b-b3cd-a91e2509640f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h= E'b&  8P!=س 0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**heeK E'b&  8P!eeKس 0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h` E'b&  8P!`س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h E'b&  8P!س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hw E'b&  8P!wسpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h8c& E'b&  8P!8c&سpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h]E E'b&  8P!]Eسx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h*T E'b&  8P!*Tسx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**xy E'b&  8P!!jyسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3e7578e8-9938-46c3-a344-628a1dd343ac Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0d757abd-41d5-41bf-99f4-de630ab8aadf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. OUx**ho E'b&  8P!oس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h E'b&  8P!س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h E'b&  8P!سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h6  E'b&  8P!6 سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x E'b&  8P!!jس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 32931ab7-7fac-4c34-aa7d-4dd6e438e975 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f045f15d-5011-4bc1-b699-7d573a0b84b2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hҧ E'b&  8P!ҧس,  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &horh**h E'b&  8P!س,  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &unsh**h E'b&  8P!سTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hn E'b&  8P!nسTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &le h**hWS E'b&  8P!WSسc  h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Chh**hV E'b&  8P!Vسc  h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hAD+ E'b&  8P!AD+سg dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h6 E'b&  8P!6سg dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hF\ E'b&  8P!F\س ( TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h. E'b&  8P!>.سH$4ՎMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h֎^= E'b&  8P!^=سH$4֎Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**h׎_ E'b&  8P!_س$ ׎Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h؎A E'b&  8P!Aس$ ؎Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hَ E'b&  8P!سP< َMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hڎu E'b&  8P!uسP< ڎMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**hێ;u E'b&  8P!;uس$0`ێMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h܎<* E'b&  8P!<*س$0`܎Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**@ݎ E'b&  8P!jس0 ݎMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Yp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7e493d32-dbf5-4cb3-9dd1-9ddf592450cc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 600bdbd0-a5ea-4da2-bb58-7c75eeb9abc2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hގF E'b&  8P!Fسd, ގMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**hߎ E'b&  8P!سd, ߎMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**hk E'b&  8P!kس, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**hjX E'b&  8P!jXس, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h> E'b&  8P!>سa%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{ E'b&  8P!{سa%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**xUw E'b&  8P!!jUwس&XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = bd3f2bb5-aa8c-4957-bee5-296bd1dec87a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f46d496e-0462-4646-9ed2-9ad253d3723f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hÕ E'b&  8P!Õس&L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h E'b&  8P!س&L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h E'b&  8P!س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h_ E'b&  8P!_س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hEα E'b&  8P!Eαس& Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hƾ E'b&  8P!ƾس& Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h  E'b&  8P! س&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h E'b&  8P!س&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**x_ E'b&  8P!!j_س&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a5b38d4b-0adf-43a7-9205-07f8581631fb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fb2ba779-857c-4628-8b50-802526a43b7c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Я E'b&  8P!>Яس&L 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h3ܯ E'b&  8P!ܯس&L 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x4hL E'b&  8P!!jhLس 1 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9fda8340-e6d1-4399-98a4-135eb5c10f53 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = babf4e68-82d8-4cf0-b834-2da012ab01a1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h5h E'b&  8P!hسR&8 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h6t E'b&  8P!tسR&8 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**h7DE E'b&  8P!DEس&07Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h8Y E'b&  8P!Yس&08Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h9y? E'b&  8P!y?س1 9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h:*@ E'b&  8P!*@س1 :Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h;ʂub E'b&  8P!ʂubس' (;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h<Ѓb E'b&  8P!Ѓbس' (<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h=b E'b&  8P!bس'T =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h>4b E'b&  8P!4bس'T >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x??c E'b&  8P!!j?cسA2T ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 456a9464-fffc-467f-a8f7-162db95af2d0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7f56d4b8-4525-4a86-a222-e952f2a98178 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. .. E'b&  8P!>..س<0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hC=. E'b&  8P!C=.س<0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hn^. E'b&  8P!n^.س$< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hcn. E'b&  8P!cn.س$< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x,. E'b&  8P!!j,.س< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e4b5f77f-e997-4fc5-803c-7be6a81907f4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ee23600c-b9c0-46e2-be96-4e5612c8b4de Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hM/ E'b&  8P!M/س0 HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hBw/ E'b&  8P!Bw/س0 HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hN:,/ E'b&  8P!N:,/س< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h6/ E'b&  8P!6/س< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**x/ E'b&  8P!!j/س< , Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0c9905dc-4629-4a68-a122-c2a49e1fa01a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 224908f8-90b5-42e7-a7c8-ed5ac2a0f09d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. f-x**hHc/ E'b&  8P!Hc/س1H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h|/ E'b&  8P!|/س1H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hj/ E'b&  8P!j/س$=<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h 0 E'b&  8P! 0س$=<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h{0 E'b&  8P!{0س(2Lx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h.0 E'b&  8P!.0س(2Lx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h ;0 E'b&  8P! ;0س0=@pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hVH0 E'b&  8P!VH0س0=@pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hw  E'b&  8P!w س52\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h] E'b&  8P!]س52\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &afTTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ae0-h**hh E'b&  8P!hسO> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h t E'b&  8P! tسO> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**x E'b&  8P!!jس3 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ae4ea1e3-0aa9-4c03-90b4-6c344df43840 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 40aa1e47-414f-4405-b58e-e06711ade3c2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hc E'b&  8P!cسo> T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hO  E'b&  8P!O سo> T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hPf E'b&  8P!Pfس3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h1 E'b&  8P!1س3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h%p E'b&  8P!%pس84Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hp E'b&  8P!pس84Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h  E'b&  8P! س?p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h E'b&  8P!س?p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**h)6 E'b&  8P!)6س?,  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hIxD E'b&  8P!IxDس?,  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**xU E'b&  8P!!jUس5, ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = db9dcabc-89b4-4ee6-a83e-60855cabc55b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6dd93e9f-6c1d-440f-a486-ec178f18a767 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hє E'b&  8P!єس?p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hC E'b&  8P!Cس?p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hM E'b&  8P!Mس.@X x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hY E'b&  8P!Yس.@X x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hMղ# E'b&  8P!Mղ#سH6| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hU # E'b&  8P!U #سH6| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h5 E'b&  8P!5س@d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h5 E'b&  8P!5س@d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h`> E'b&  8P!`>س6 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h:> E'b&  8P!:>س6 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h> E'b&  8P!>س@p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h? E'b&  8P!?س@p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x+~? E'b&  8P!!j+~?سA Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 932dad36-6aef-406f-b331-404aaf6a92cb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 68656234-ff5a-4224-8f8e-9c0d2e487258 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h;? E'b&  8P!;?سAMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hz'? E'b&  8P!z'?سAMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h!F E'b&  8P!!Fس2BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h{pF E'b&  8P!{pFس2BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hA)G E'b&  8P!A)Gس 7h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahorh**hG E'b&  8P!Gس 7h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aunsh**hG E'b&  8P!GسB t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h޲G E'b&  8P!޲GسB t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ale h**hG E'b&  8P!Gس|7 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Chh**heG E'b&  8P!eGس|7 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atioh**xyWH E'b&  8P!!jyWHسCh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 321d904b-4d44-419e-88f7-84340c17b585 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ba250095-b6d7-47b6-841e-132e076e60b8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hs}H E'b&  8P!s}HسC,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hÏH E'b&  8P!HسC,ÏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hďEH E'b&  8P!EHس7 lďMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hŏH E'b&  8P!Hس7 lŏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**xƏ'I E'b&  8P!!j'IسH8 ƏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8f6e8ff2-8ead-418a-b2a0-c44695a88301 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0867138a-b7ba-45d7-b825-2d9f5e0fd7b3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hǏDI E'b&  8P!DIسI8l |ǏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hȏNI E'b&  8P!NIسI8l |ȏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hɏxhqI E'b&  8P!xhqIسN8 ɏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hʏ рI E'b&  8P! рIسN8 ʏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hˏI E'b&  8P!IسDpL ˏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h̏I E'b&  8P!IسDpL ̏Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**h͏I E'b&  8P!IسDT͏Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hΏI E'b&  8P!IسDTΏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hϏ(} E'b&  8P!(}س8 @ϏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hЏ؉ E'b&  8P!؉س8 @ЏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hяA E'b&  8P!Aس@9 яMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hҏ} E'b&  8P!}س@9 ҏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hӏ~O E'b&  8P!~OسA9 ӏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hԏ E'b&  8P!سA9 ԏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aanh**h{'f& E'b&  8P!jVس": ՏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h|7%u& E'b&  8P!7%u&س:| |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h} & E'b&  8P! &س@/8X }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h~6c& E'b&  8P!6c&س@/8X ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aquehe Number = 1 E'b&  8P Shell ID = Microsoft.PowerShell Error Message = System error. x  8Prational ElfChnkՏ!Տ!haT(P=f?mMF&a**ՏV E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jVس": ՏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 230771ca-05be-42d2-b85d-33cae76a910c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4336a63e-d1ee-4425-baf1-5f1ecf51f870 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ID **֏hs E'b&  8P9!hsس&:֏Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(f **h׏~ E'b&  8P!~س&:׏Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**h؏b E'b&  8P!bسfF`؏Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hُ}N E'b&  8P!}NسfF`ُMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hڏ\ E'b&  8P!\سF ,ڏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hۏSn E'b&  8P!SnسF ,ۏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h܏xG~ E'b&  8P!xG~سTG ܏Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hݏ E'b&  8P!سTG ݏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hޏE E'b&  8P!Eس;$| ޏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hߏ E'b&  8P!س;$| ߏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x ; E'b&  8P!!j ;س;$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d02a3b3d-253c-482a-b633-6796ac7c8bbb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7a23444e-8bc8-46fc-8d94-b8a649972f3a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h.X E'b&  8P!.Xس; Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hd E'b&  8P!dس; Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hzԮ E'b&  8P!zԮس.H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h E'b&  8P!س.H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hu< E'b&  8P!u<س.< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h,< E'b&  8P!,<س.< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h?N E'b&  8P!?Nس<PhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hiN E'b&  8P!iNس<PhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hY E'b&  8P!Yس< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hܶZ E'b&  8P!ܶZس< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**Z E'b&  8P]!jZس< p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 74566fe5-f962-41ce-b049-b4d65ac04f3e Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-x5f32qpo.xrr.ps1 Engine Version = 4.0 Runspace ID = c8957589-f7b7-430d-ad2d-ad6fc049abf7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. e = **hp,Z E'b&  8P!p,Zس}IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aHc/h**h(:Z E'b&  8P!(:Zس}IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a|/h**xȬZ E'b&  8P!!jȬZسqJMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 51568f69-71fe-469b-be15-61af3625202f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 64328cbc-7094-4e39-8c36-013cb8c02262 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hZ E'b&  8P!Zس<DD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hZ E'b&  8P!Zس<DD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hT)] E'b&  8P!T)]سJ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a4dfh**h"] E'b&  8P!"]سJ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**h8] E'b&  8P!8]سJ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**h?C] E'b&  8P!?C]سJ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aorAh**xk] E'b&  8P!!jk]سK |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 20d1c94b-21f5-4fcf-b113-674c4eb3477b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b90e4f31-f0e8-4501-83e6-f421e0859f87 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hmh E'b&  8P!mhسK@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hCa{h E'b&  8P!Ca{hسK@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hWs E'b&  8P!WsسKDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hxjes E'b&  8P!xjesسKDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hs E'b&  8P!sسK Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 66577ebb-1ab0-4635-aa44-fef39e20aa7d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 36b143cf-0e42-46ab-8d4f-00dc0c39031f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. cax**h~mJx E'b&  8P!~mJxسM Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hvYVx E'b&  8P!vYVxسM Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**hx E'b&  8P!xسb>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**xx E'b&  8P!!jxسMMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 35d9c68b-b586-4e31-95d3-8589bdb7a1ce Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bd300ad6-be1b-4832-b7f1-7b80fcae928f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h y E'b&  8P!yس>D  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a 4.h**h y E'b&  8P!yس>D  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aferh**h Ey E'b&  8P!Eyس?@P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**h YyRy E'b&  8P!YyRyس?@P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**h hy E'b&  8P!hyسN 4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**hCwy E'b&  8P!CwyسN 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**hky E'b&  8P!kyس9? LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hy E'b&  8P!yس9? LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**hǙ E'b&  8P!Ǚس? Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**hA E'b&  8P!Aس? Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**hy* E'b&  8P!y*س?H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hl* E'b&  8P!l*س?H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hi* E'b&  8P!i*سNMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h* E'b&  8P!*سNMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**x++ E'b&  8P!!j++سcO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9836bf24-d275-4ae0-815c-c3d8a2ef5b2e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5f52f6f1-72d4-4e4b-b9fa-dea47adf6a89 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. mex**hG+ E'b&  8P!G+سp@,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hImS+ E'b&  8P!ImS+سp@,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hd+ E'b&  8P!d+سP  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hY+ E'b&  8P!Y+سP  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hÁ E'b&  8P!Áس@,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hE֌ E'b&  8P!E֌س@,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hG E'b&  8P!Gس@ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hS E'b&  8P!Sس@ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h s E'b&  8P!sس@X  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h!; E'b&  8P!;س@X  !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Whdows-PowerSh E'b&  8PE'bj)سQX "Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @dows-PowerShell/Operational &a{ $h**hяA E'b&  8P!Aس@9 яMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hҏ} E'b&  8P!}س@9 ҏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hӏ~O E'b&  8P!~OسA9 ӏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hԏ E'b&  8P!سA9 ԏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aanh**h{'f& E'b&  8P!jVس": ՏMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h|7%u& E'b&  8P!7%u&س:| |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h} & E'b&  8P! &س@/8X }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h~6c& E'b&  8P!6c&س@/8X ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aquehe Number = 1 E'b&  8P Shell ID = Microsoft.PowerShell Error Message = System error. x  8Prational ElfChnk"b"bXd5dKY^l(P=f?mMF&a**") E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j)سQX "Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d0ed0fee-33ae-46ab-b1e9-dda19e4d49ca Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f5aa2c6b-5020-4ccd-bb18-78dbe37349b6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ID **#4Y E'b&  8P9!4YسA\ #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(f **h$E  E'b&  8P!E سA\ $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**h% E'b&  8P!س!A $ %Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**h&֖ E'b&  8P!֖س!A $ &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h'% E'b&  8P!%سR@'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h(m E'b&  8P!mسR@(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**H/)lk" E'b&  8P-!jlk"سA@P )Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational -@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 19ab4599-6b6b-4752-8e1b-31e41684363d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $os = Get-CimInstance -ClassName Win32_OperatingSystem $license = Get-CimInstance -ClassName SoftwareLicensingProduct | Where-Object { $_.PartialProductKey -ne $null -and $_.Name -like "*Windows*" } | Select-Object -First 1 $slService = Get-CimInstance -ClassName SoftwareLicensingService -ErrorAction SilentlyContinue # Activation status mapping $activationStatus = "unknown" if ($license) { switch ($license.LicenseStatus) { 0 { $activationStatus = "unlicensed" } 1 { $activationStatus = "activated" } 2 { $activationStatus = "out_of_box_grace" } 3 { $activationStatus = "out_of_tolerance_grace" } 4 { $activationStatus = "non_genuine_grace" } 5 { $activationStatus = "notification" } 6 { $activationStatus = "extended_grace" } default { $activationStatus = "unknown" } } } # Edition name mapping from SKU $editionName = "Unknown" $licenseFamily = "Unknown" if ($os.OperatingSystemSKU) { switch ($os.OperatingSystemSKU) { 7 { $editionName = "Server Standard"; $licenseFamily = "ServerStandard" } 8 { $editionName = "Server Datacenter"; $licenseFamily = "ServerDatacenter" } 10 { $editionName = "Server Enterprise"; $licenseFamily = "ServerEnterprise" } 12 { $editionName = "Server Datacenter (Core)"; $licenseFamily = "ServerDatacenter" } 13 { $editionName = "Server Standard (Core)"; $licenseFamily = "ServerStandard" } 14 { $editionName = "Server Enterprise (Core)"; $licenseFamily = "ServerEnterprise" } 39 { $editionName = "Server Datacenter (No GUI)"; $licenseFamily = "ServerDatacenter" } 40 { $editionName = "Server Standard (No GUI)"; $licenseFamily = "ServerStandard" } default { $editionName = $os.Caption } } } # Detect server role (Full GUI, Server Core, Nano) $serverRole = "Full GUI" $installationType = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name InstallationType -ErrorAction SilentlyContinue if ($installationType) { switch ($installationType.InstallationType) { "Server Core" { $serverRole = "Server Core" } "Nano Server" { $serverRole = "Nano Server" } default { $serverRole = "Full GUI" } } } # KMS/MAK activation details $metadata = @{ license_channel = "Unknown" license_family = $licenseFamily server_role = $serverRole } # Get KMS server information $kmsReg = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" -ErrorAction SilentlyContinue if ($kmsReg) { if ($kmsReg.KeyManagementServiceMachine) { $metadata.kms_server = $kmsReg.KeyManagementServiceMachine if ($kmsReg.KeyManagementServicePort) { $metadata.kms_server = "$($kmsReg.KeyManagementServiceMachine):$($kmsReg.KeyManagementServicePort)" } $metadata.license_channel = "Volume" } if ($kmsReg.VLActivationInterval) { $metadata.activation_interval = $kmsReg.VLActivationInterval } if ($kmsReg.VLRenewalInterval) { $metadata.renewal_interval = $kmsReg.VLRenewalInterval } } # Grace period and expiration info if ($license) { if ($license.GracePeriodRemaining) { $graceDays = [math]::Floor($license.GracePeriodRemaining / 1440) $metadata.grace_period_remaining = $graceDays } # License channel detection if ($license.ProductKeyChannel) { $metadata.license_channel = $license.ProductKeyChannel } elseif ($license.Description -match "MAK") { $metadata.license_channel = "MAK" } elseif ($license.Description -match "KMS") { $metadata.license_channel = "Volume" } elseif ($license.Description -match "OEM") { $metadata.license_channel = "OEM" } elseif ($license.Description -match "Retail") { $metadata.license_channel = "Retail" } # License family from product if ($license.LicenseFamily) { $metadata.license_family = $license.LicenseFamily } } # Terminal Services / RDS CAL information $tsLicensingMode = "Not configured" $tsPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core" if (Test-Path $tsPath) { $licensing = Get-ItemProperty -Path $tsPath -ErrorAction SilentlyContinue if ($licensing -and $licensing.LicensingMode) { switch ($licensing.LicensingMode) { 2 { $tsLicensingMode = "Per Device" } 4 { $tsLicensingMode = "Per User" } 5 { $tsLicensingMode = "Not Configured" } default { $tsLicensingMode = "Unknown" } } $metadata.rds_licensing_mode = $tsLicensingMode } } # Check for domain membership (affects CAL requirements) $computerSystem = Get-CimInstance -ClassName Win32_ComputerSystem -ErrorAction SilentlyContinue if ($computerSystem) { if ($computerSystem.PartOfDomain) { $metadata.domain_joined = $true $metadata.domain_name = $computerSystem.Domain } else { $metadata.domain_joined = $false } } $result = @{ ProductName = $os.Caption Version = $os.Version Edition = $editionName PartialKey = if ($license) { $license.PartialProductKey } else { "" } ActivationStatus = $activationStatus LicenseType = if ($license) { $license.Description } else { "" } Metadata = ($metadata | ConvertTo-Json -Compress) } $result | ConvertTo-Json Engine Version = 4.0 Runspace ID = bb13382a-9d9d-412e-b952-5ef12aa55dc0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. WarH/**h*gB E'b&  8P!gBسR*Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aNonh**h+3Q E'b&  8P!3QسR+Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aet-h**h, E'b&  8P!سA \ ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah (h**h-ִ E'b&  8P!ִسA \ -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a($ah**h. E'b&  8P!سA.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h/G E'b&  8P!GسA/Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atlyh**h0f E'b&  8P!fسS00Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -Fh**h1q E'b&  8P!qسS01Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h2)I E'b&  8P!)Iس S l2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a39-h**h3dž E'b&  8P!džس S l3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h4ڕw E'b&  8P!ڕwسS d4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &au E'b&  8P!uسC\  >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aKh**h?M  E'b&  8P!M سS?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aKh**h@& E'b&  8P!&سS@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aKh**hA; E'b&  8P!;سpCAMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a=h**hB4J E'b&  8P!4JسpCBMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ast h**xC$O E'b&  8P!!j$Oس`TT CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 378b8d38-10f6-4843-8099-3323b6161498 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 61840999-7c5a-435b-b8d7-8279f77aecb0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. \Lx**hDۅ E'b&  8P!ۅسaT8DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**hE E'b&  8P!سaT8EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**hFN E'b&  8P!NسjT FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a=h**hG; E'b&  8P!;سjT GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a=h**xH| E'b&  8P!!j|سDHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c649974d-e178-4726-ac82-7341ddba792a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6703ecbc-459b-49a2-a73b-0e3ab35c04cf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hI E'b&  8P!سT IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aMh**hJp E'b&  8P!pسT JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aMh**hK E'b&  8P!سT KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ab>h**hLb E'b&  8P!bسT LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ab>h**hM= E'b&  8P!=سT` MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aMh**hN& E'b&  8P!&سT` NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ast h**hO  E'b&  8P! سT0OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arorh**hP* E'b&  8P!*سT0PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ajech**hQI#+ E'b&  8P!I#+سU <QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &apteh**hRj2+ E'b&  8P!j2+سU <RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aAddh**hSL8 E'b&  8P!L8سF SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hT#8 E'b&  8P!#8سF TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ame h**hU-B8 E'b&  8P!-B8سFUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &alash**hVN8 E'b&  8P!N8سFVMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aresh**xW^8 E'b&  8P!!j^8س+VTWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 920edd17-bd7c-4323-aeda-47dccd80ef50 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 27e8e494-f77a-4a7c-98ba-44eadb0dc425 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ?x**hXc8 E'b&  8P!c8سF L XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a?h**hY F8 E'b&  8P! F8سF L YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a?h**hZdi9 E'b&  8P!di9سF ` ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aNh**h[`u9 E'b&  8P!`u9سF ` [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aNh**`\J9 E'b&  8P !jJ9سV L\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational | p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fb1a923f-59ba-4bc0-be0d-bd4d907caae1 Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) { Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force if (-not (Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue)) { Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force } if ((Get-PSRepository -Name 'PSGallery').InstallationPolicy -ne 'Trusted') { Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted } Install-Module -Name PSWindowsUpdate -Force -AllowClobber -Scope CurrentUser } Import-Module PSWindowsUpdate -Force $pending = @(Get-WindowsUpdate -IsInstalled $false -ErrorAction Stop | Where-Object { $_.IsDownloaded -ne $true }) if ($pending.Count -eq 0) { Write-Output "No updates need to be downloaded (all available updates are already downloaded)" exit 0 } Get-WindowsUpdate -Download -AcceptAll -IgnoreReboot -ErrorAction Stop | Out-Null Write-Output ("Downloaded available updates via PSWindowsUpdate (pending before download: " + $pending.Count + ")") exit 0 } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = ffc2b46e-3ab5-46c9-9679-33939a98ea1e Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 18 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-PackageProvider' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException -W`**h]ǝ9 E'b&  8P!ǝ9سV]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h^%9 E'b&  8P!%9سV^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h_Й@ E'b&  8P!Й@سF_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h`@ E'b&  8P!@سF`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**a{@ E'b&  8P!j{@سF aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e5c80151-0b05-4461-942e-f272c866f9c9 Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) { Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force if (-not (Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue)) { Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force } if ((Get-PSRepository -Name 'PSGallery').InstallationPolicy -ne 'Trusted') { Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted } Install-Module -Name PSWindowsUpdate -Force -AllowClobber -Scope CurrentUser } Import-Module PSWindowsUpdate -Force $updates = @(Get-WindowsUpdate -IsInstalled $false -ErrorAction Stop | Where-Object { $_.IsDownloaded -eq $true }) foreach ($u in $updates) { $kb = "" if ($u.KBArticleIDs -and $u.KBArticleIDs.Count -gt 0) { $kb = $u.KBArticleIDs[0] } [PSCustomObject]@{ Title = $u.Title Size = $u.Size KB = $kb Categories = ($u.Categories | ForEach-Object { $_.Name }) -join "," Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { "Unknown" } Description = $u.Description IsDownloaded = $u.IsDownloaded SupportUrl = $u.SupportUrl } | ConvertTo-Json -Compress Write-Output "---SEPARATOR---" } exit 0 } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = 8f975b6d-a61b-4bf1-b9c6-cc34e1c17c27 Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 18 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-PackageProvider' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException @**hb@K@ E'b&  8P!@K@سF bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a. hx  8Prational ElfChnkcc`c(=f?mMF&**Xcl7@ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!l7@سF cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hd  E'b&  8P!> سBKp$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**h J  E'b&  8P! J سBKp$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hu  E'b&  8P!u سPKMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &792h**hď  E'b&  8P!ď سPKMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h  E'b&  8P! سu^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**h  E'b&  8P! سu^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hL>  E'b&  8P!L> سK$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &dreh**h8ǥ  E'b&  8P!8ǥ سK$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tryh**hdC! E'b&  8P!dC!س^ 4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andh**h(C! E'b&  8P!(C!س^ 4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & -ah**h V! E'b&  8P! V!سqL $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Engh**h&ZV! E'b&  8P!&ZV!سqL $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hV! E'b&  8P!V!سT_\ \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hV! E'b&  8P!V!سT_\ \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xְaW! E'b&  8P!!jְaW!سM\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a004fd5c-69f5-4fd4-ae34-ca538c163ff0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 59218ae9-ef56-452a-bd36-a2049ea03fcd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. dox**hUU~W! E'b&  8P!UU~W!سM Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**h>W! E'b&  8P!>W!سM Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hW! E'b&  8P!W!سa` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ef5h**hX! E'b&  8P!X!سa` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hd! E'b&  8P!d!س`d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hr! E'b&  8P!r!س`d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**ht " E'b&  8P!t "سMD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &dreh**hi " E'b&  8P!i "سMD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tryh**h^Ĭ " E'b&  8P!^Ĭ "س"a Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andh**h, " E'b&  8P!, "س"a Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & -ah**xk\. " E'b&  8P!!jk\. "سa Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d7f78eca-7202-4ff6-9571-a4a907dd01fe Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 01cec940-98b3-4fa3-a6f6-e27ebd3a7fc2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hxWK " E'b&  8P!xWK "سa Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &pdah**h]CW " E'b&  8P!]CW "سa Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &o uh**h " E'b&  8P! "سjNhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wrh**h " E'b&  8P! "سjNhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h4" E'b&  8P!4"سN Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hB" E'b&  8P!B"سN Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andh**hY~" E'b&  8P!Y~"سOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ncth**h" E'b&  8P!"سOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h')" E'b&  8P!')"سFc0 D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h88" E'b&  8P!88"سFc0 D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h t" E'b&  8P! t"سO dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hЙ" E'b&  8P!Й"سO dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**x" E'b&  8P!!j"سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 447e5f2d-d023-4193-8e56-117ee5e6037b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 315b68a4-effb-4571-866e-fcab94eca631 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hD"" E'b&  8P!D""سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Thh**h/" E'b&  8P!/"سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rifh**h>" E'b&  8P!>"سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Ph!@K@ E'b&  8PwerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a. hx  8Prational ElfChnk  8f8$I,(=f?mMFQ&**X%rK" E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!%rK"سO@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hY" E'b&  8P!Y"سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hwq" E'b&  8P!wq"سO@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hU" E'b&  8P!U"سch Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**h(q" E'b&  8P!(q"سch Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**@`<" E'b&  8P!j`<"سPhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Qp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7df68d98-afd9-4630-ab66-d93b7696b750 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 157d329f-29f4-43c5-b49c-3dbd069e6dd8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hÐ2`1" E'b&  8P!2`1"سPplÐMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hĐZ?" E'b&  8P!Z?"سPplĐMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**hŐC~\" E'b&  8P!C~\"س-dd L ŐMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**hƐձg" E'b&  8P!ձg"س-dd L ƐMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**xǐҷ" E'b&  8P!!jҷ"سdd ǐMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f71fad0b-448b-4ac4-9bd2-6b5b0d57ae38 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fc4dd6ff-0ed7-4434-981f-8d33605cba3f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. " E'b&  8P!>"سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Ph!@K@ E'b&  8PwerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a. hx  8Prational ElfChnk Z ZPKOoߙG(P=f?mMF&a** O[$ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jO[$سm, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a91cbba1-243f-4894-b56e-d653a1362439 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a8a38b1d-d084-4297-bb3b-c2bf91cb626e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an** p$ E'b&  8P9!p$سY  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h m9$ E'b&  8P!m9$سY  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h`$ E'b&  8P!`$سY Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hݮ$ E'b&  8P!ݮ$سY Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**xc$ E'b&  8P!!jc$سmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4e4be48d-bc1d-47eb-a06c-66ea59f53e2b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 58e5d568-b2a3-4dd2-a67b-4c72ad72cff0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**h $ E'b&  8P! $سYTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h$ E'b&  8P!$سYTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hL$ E'b&  8P!L$سXnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h$ E'b&  8P!$سXnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h$ E'b&  8P!$س^n8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aF' E'b&  8P!F'سT_ >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acath**h?c' E'b&  8P!c'سs\ ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**h@n' E'b&  8P!n'سs\ @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**xAo' E'b&  8P!!jo'سt\ AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9c3e1eab-98e1-47e5-b6ef-3ccf15357aec Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4a9f7024-953c-4e8a-8857-5dc19dce174f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**hB' E'b&  8P!'س~_H xBMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hC9' E'b&  8P!9'س~_H xCMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hDD' E'b&  8P!D'س)uTDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hEqP' E'b&  8P!qP'س)uTEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acath**hFg' E'b&  8P!g'س-u(FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**hGm' E'b&  8P!m'س_ GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hHE t' E'b&  8P!E t'س-u(HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hIy' E'b&  8P!y'س_ IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hJe' E'b&  8P!e'سju JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hK' E'b&  8P!'سju KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hL:r' E'b&  8P!:r'سn` LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hM&~' E'b&  8P!&~'سn` MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hN9' E'b&  8P!9'سv h NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hO_' E'b&  8P!_'سv h OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xP' E'b&  8P!!j'س0a 8 PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6ee6b260-9a68-489d-8848-03c39bc4c8de Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d14833cb-b49c-4918-a819-250e377602c9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hQ3' E'b&  8P!3'س1aX LQMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hR?' E'b&  8P!?'س1aX LRMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hSFõ' E'b&  8P!Fõ'سaT@SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hTϵ' E'b&  8P!ϵ'سaT@TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hU1?( E'b&  8P!1?(سv UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hV?( E'b&  8P!?(سv VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hWaCg( E'b&  8P!aCg(س%w WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hXvMOg( E'b&  8P!vMOg(س%w XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hY!mg( E'b&  8P!!mg(س+wd|YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hZzg( E'b&  8P!zg(س+wd|ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8 E'b&  8Posje{g(سcd [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @  8P!_f/$س2Y,  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & cahh { # igno E'b&  8P{ jO[$سm, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@dapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 315b68a4-effb-4571-866e-fcab94eca631 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hD"" E'b&  8P!D""سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Thh**h/" E'b&  8P!/"سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rifh**h>" E'b&  8P!>"سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Ph!@K@ E'b&  8PwerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a. hx  8Prational ElfChnk[[@%{[ (P=f?mMF&a**[e{g( E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!je{g(سcd [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2b65bc58-54d2-4e20-97c6-d1d47783bf6e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = db00dac5-5d9d-4ead-9c58-4be7d0d1e249 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**\Rh( E'b&  8P9!Rh(سZw \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h]h( E'b&  8P!h(سZw ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h^}h( E'b&  8P!}h(سdD^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h_h( E'b&  8P!h(سdD_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h`h( E'b&  8P!h(سw@| `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**haG( E'b&  8P!G(سw@| aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hb"C ) E'b&  8P!"C )س eD bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hcN$Q ) E'b&  8P!N$Q )س eD cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hdl) E'b&  8P!l)سOxd xdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**he;)) E'b&  8P!;))سOxd xeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hfɎ) E'b&  8P!Ɏ)سe fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hgS) E'b&  8P!S)سe gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hh) E'b&  8P!)سox hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hir) E'b&  8P!r)سox iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**xjLT) E'b&  8P!!jLT)سe jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fa59dc4f-25b3-4017-a905-b5b44b300101 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0fffd047-c41d-4ce8-aabd-96c3b71c1a48 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. " E'b&  8P!>"سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Ph!@K@ E'b&  8PwerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a. hx  8Prational ElfChnk`ٗ@{(P=f?mMF&a**{IH+ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j{IH+سڀx d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ed93fa72-4154-4ee0-9ce1-37b366d9f9f7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ee401925-2e91-4ae1-9146-c1867beb7df7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**YH+ E'b&  8P9!YH+سmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **hH+ E'b&  8P!H+سmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hEPO+ E'b&  8P!EPO+سXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h^O+ E'b&  8P!^O+سXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hfoO+ E'b&  8P!foO+س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h O+ E'b&  8P! O+س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xP+ E'b&  8P!!jP+سn Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 764fcdd6-3603-461f-87da-9445aea05338 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3317fc35-462f-4cae-b3b9-9b4266f97be3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h(P+ E'b&  8P!(P+سn L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h6P+ E'b&  8P!6P+سn L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hTP+ E'b&  8P!TP+سh LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hbP+ E'b&  8P!bP+سh LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**x_uP+ E'b&  8P!!j_uP+س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cee70608-b79e-49dc-96fc-094d91956661 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 749dc74d-4ffa-436a-bfe6-30853046c2a4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. &0 E'b&  8P!!j>&0س @8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6c99b7b8-d15c-4218-b436-062e4bad697b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9635a874-5e46-46cc-9762-02346b9f484d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h9C\&0 E'b&  8P!C\&0س(L9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h:g&0 E'b&  8P!g&0س(L:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h;"&0 E'b&  8P!"&0سLP ;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h<&0 E'b&  8P!&0سLP <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h=L@0 E'b&  8P!L@0س =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h>P0 E'b&  8P!P0س >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h?۟_0 E'b&  8P!۟_0س$?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h@m0 E'b&  8P!m0س$@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hAS0 E'b&  8P!S0س AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hB&0 E'b&  8P!&0س BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xC, 0 E'b&  8P!!j, 0س , CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 803c7b6e-0a24-489b-a59c-82d85af82407 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 74ced22a-7d59-4e19-85c1-adc3d0758421 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hD1/0 E'b&  8P!1/0سXDDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hE]m:0 E'b&  8P!]m:0سXDEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hFu0 E'b&  8P!u0س FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hG+0 E'b&  8P!+0س GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hHPpx1 E'b&  8P!Ppx1س)@HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hI x1 E'b&  8P! x1س)@IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hJ?|1 E'b&  8P!?|1س$ D JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hK^|1 E'b&  8P!^|1س$ D KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hL{1 E'b&  8P!{1سꁦ p LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hM51 E'b&  8P!51سꁦ p MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hN5ņ1 E'b&  8P!5ņ1س NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hO҆1 E'b&  8P!҆1س OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xPVJ1 E'b&  8P!!jVJ1س_PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 420587d7-629f-4de5-8fe4-bafc8d9d5ac0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 96179131-77b1-4420-9c76-34043a0ad5c5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hQv1 E'b&  8P!v1س;<QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hR1 E'b&  8P!1س;<RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hS.1 E'b&  8P!.1سSMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hT:1 E'b&  8P!:1سTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hU{Y1 E'b&  8P!{Y1سQH 0UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hVgg1 E'b&  8P!gg1سQH 0VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &quehe Number = 1 E'b&  8P Sj,ԋ1سՕH WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P! .س%wt< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8Prational ElfChnkWW  !y(P=f?mMF&a**W,ԋ1 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j,ԋ1سՕH WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 60dec194-7fef-4029-aecf-69877f0a81f6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 87c1caa8-7b99-45a0-b99e-358b41d0c28d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ac **X1 E'b&  8P9!1س0 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(d **hY1 E'b&  8P!1س0 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hZ*ff1 E'b&  8P!*ff1سnH ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h[Qr1 E'b&  8P!Qr1سnH [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h\ũV1 E'b&  8P!ũV1سۖD4\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h]Oe1 E'b&  8P!Oe1سۖD4]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h^A1 E'b&  8P!A1سܖ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h_i1 E'b&  8P!i1سܖ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**x`]R1 E'b&  8P!!j]R1س 0`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 60842597-f11b-480e-a73d-de44b2134ec0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 982a65ce-6d87-45e1-9d55-b1535d5ad2ee Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ʐ1 E'b&  8P!!j>ʐ1سeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7ec58c1e-f4c9-4f8f-863a-9dbf0f719beb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6a0b256a-ade1-4df0-91db-2cf33299e5f4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 2 E'b&  8P!>2س^8 |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h}j]2 E'b&  8P!j]2س򙦖 }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h~j2 E'b&  8P!j2س򙦖 ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x 2 E'b&  8P!!j 2سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3e02b3d4-9262-4fdb-ba44-bf1b9160de23 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = eb570907-b848-4c6f-b008-599ddd027f93 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**h2 E'b&  8P!2سP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h2 E'b&  8P!2سP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h@l2 E'b&  8P!@l2سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSch**h,x2 E'b&  8P!,x2سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-nh**h1j3 E'b&  8P!1j3س" Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h3 E'b&  8P!3س" Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hEW3 E'b&  8P!EW3سt| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hԫh3 E'b&  8P!ԫh3سt| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hZ3 E'b&  8P!Z3سuH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hój3 E'b&  8P!ój3سuH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h3ܩ3 E'b&  8P!3ܩ3سv, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h3 E'b&  8P!3سv, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xHg13 E'b&  8P!!jHg13س䊦4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a4d20f6e-e7d0-4e5d-83f5-9bb60a37d1b8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f8a7b5f4-a5b7-4fa6-9be7-1ef223d6797d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**h[3 E'b&  8P![3س犦TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hg3 E'b&  8P!g3س犦TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hF3 E'b&  8P!F3س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h/8U3 E'b&  8P!/8U3س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hm3 E'b&  8P!m3سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**ho7{3 E'b&  8P!o7{3سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hPF3 E'b&  8P!PF3س0 $ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hE)3 E'b&  8P!E)3س0 $ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xQ 3 E'b&  8P!!jQ 3س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 99c14130-73d4-484c-b9b9-1d0b2685ddf7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 73c450b3-6a84-4439-b3e6-be09bff755c7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**hG2/3 E'b&  8P!G2/3س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hk=3 E'b&  8P!k=3س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**htX3 E'b&  8P!tX3س (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h5d3 E'b&  8P!5d3س (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**xƨ3 E'b&  8P!!jƨ3سV < Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a6758214-e307-41ee-94ca-6e1f0eac6a42 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c20dab54-b977-4e92-b624-547921f5ab1d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 7 E'b&  8P!!>7س)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h->7 E'b&  8P!->7س)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h,,7 E'b&  8P!,,7س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hHR 7 E'b&  8P!HR 7س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hɢ7 E'b&  8P!ɢ7سAH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h 7 E'b&  8P! 7سAH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hO7 E'b&  8P!O7س"D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h]7 E'b&  8P!]7س"D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x7 E'b&  8P!!j7س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 23fcb96b-a1f4-45ff-846b-2001a52b06b6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7bb8768d-acbd-473b-8c2a-5d3b56af94d4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 7 E'b&  8P!>7س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h#7 E'b&  8P!#7س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hD7 E'b&  8P!D7س pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h 7 E'b&  8P!7س p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x c7 E'b&  8P!!jc7س   Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9801dcd9-4347-4021-8f87-1f56c0d453fc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cbfac8e2-ef37-4e42-90b4-68c87b43b827 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**h mK7 E'b&  8P!mK7س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acath**h 7 E'b&  8P!7س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**h 7 E'b&  8P!7سD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hXI7 E'b&  8P!XI7سD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**x1,7 E'b&  8P!!j1,7س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0f1abe9a-5506-44c6-9165-fa31f84fb6df Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7cbe5620-bf75-4851-9e22-fe1ad23ba0c2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**heG7 E'b&  8P!eG7س@ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hyV7 E'b&  8P!yV7س@ lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**h7 E'b&  8P!7س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acath**h7 E'b&  8P!7س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**hI7 E'b&  8P!I7س<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**h7 E'b&  8P!7س<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hvD7 E'b&  8P!vD7س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hw7 E'b&  8P!w7س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hh3t8 E'b&  8P!h3t8سnxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**h-l@t8 E'b&  8P!-l@t8سnxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**h(8 E'b&  8P!(8سӚ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h%ɖ8 E'b&  8P!%ɖ8سӚ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hu58 E'b&  8P!u58سX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**ht8 E'b&  8P!t8سX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xm8 E'b&  8P!!jm8سEX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0b03eb10-4039-4f06-b14e-15c44e8e1e1f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 99d92972-ba1b-4ac7-8eb1-886a3e17bfa9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Gx**hn8 E'b&  8P!n8سF Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**h 8 E'b&  8P!8سF Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**h! 8 E'b&  8P! 8سU !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h"l*8 E'b&  8P!l*8سU "Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h#t'9 E'b&  8P!t'9س#Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h$p`'9 E'b&  8P!p`'9س$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h%čI9 E'b&  8P!čI9س 8%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h&I9 E'b&  8P!I9س 8&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h' I9 E'b&  8P! I9س[ 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h(oI9 E'b&  8P!oI9س[ (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x)8J9 E'b&  8P!!j8J9س  )Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 93a58cf2-d4b0-499e-a3ff-0dea346e550a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9b17dcea-dc9f-4feb-95d9-50dc52b4cf3c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h*TJ9 E'b&  8P!TJ9سۯX *Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h+-`J9 E'b&  8P!-`J9سۯX +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h,I&J9 E'b&  8P!I&J9سsLh,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h-J9 E'b&  8P!J9سsLh-Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h.9 E'b&  8P!9سޝ.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h/)9 E'b&  8P!)9سޝ/Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h099 E'b&  8P!99س8\ 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h19 E'b&  8P!9س8\ 1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hoh**h29 E'b&  8P!9س 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aExeh**h3!9 E'b&  8P!!9س 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h4r@9 E'b&  8P!r@9سl \4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**h5N9 E'b&  8P!N9سl \5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**x6w9 E'b&  8P!!jw9سl 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b27cd082-b89a-4b41-af2e-69af3eb6075d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d6c19a31-1b29-45ce-bc70-47cb3e942718 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h79 E'b&  8P!9سd$ 7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h829 E'b&  8P!29سd$ 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h9^9 E'b&  8P!^9سŞ 9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h:j9 E'b&  8P!j9سŞ :Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h;p9 E'b&  8P!p9س D ;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h<\9 E'b&  8P!\9س D <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x=n9 E'b&  8P!!jn9س9  =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 550c50e9-2511-4195-b7aa-0cf7b380c857 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b9767f22-c096-4a08-b509-20c2a8bf8f69 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h>8<9 E'b&  8P!8<9س4 >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h?M+9 E'b&  8P!M+9س4 ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h@G9 E'b&  8P!G9س @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hABT9 E'b&  8P!BT9س AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hBPw9 E'b&  8P!Pw9سB BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hC9 E'b&  8P!9سB CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xD9 E'b&  8P!!j9س\ H DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 24dfabd8-264a-4fef-9766-89dbf1d0fa0d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 16a78e34-8880-4bfd-94f9-ac53159fe896 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. f< E'b&  8P!>f<س㺦T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h< E'b&  8P!<سL Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hT#< E'b&  8P!T#<سL Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hq'< E'b&  8P!q'<سXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**hu< E'b&  8P!u<سXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**hg;< E'b&  8P!g;<سb0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**hH< E'b&  8P!H<سb0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**xM< E'b&  8P!!jM<س0 \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1cdc1843-1e15-407c-8572-d32ba8c7d126 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b8ed438f-5fdc-449a-a09a-5aa8f3251af2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**h/< E'b&  8P!/<سl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h7< E'b&  8P!7<سl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hKR< E'b&  8P!KR<سK Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**h6^< E'b&  8P!6^<سK Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**hw(W= E'b&  8P!w(W=سS( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**hW= E'b&  8P!W=سS( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**hmw= E'b&  8P!mw=س񪦖H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-00h**hw= E'b&  8P!w=س񪦖H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**hm x= E'b&  8P!m x=س򪦖X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onfh**h/x= E'b&  8P!/x=س򪦖X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rCohiguration |  E'b&  8PIPjx=س!X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @re } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 16a78e34-8880-4bfd-94f9-ac53159fe896 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (P=f?mMF&a**x= E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jx=س!X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8c87604d-c8d0-40bf-aa59-cf5b39bce748 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b6081562-b8e0-4843-986b-7413eafdaef9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. man**.x= E'b&  8P9!.x=س% Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **hx= E'b&  8P!x=س% Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hy= E'b&  8P!y=س`,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h)y= E'b&  8P!)y=س`,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hdI > E'b&  8P!dI >سH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h > E'b&  8P! >سH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h3 > E'b&  8P!3 >س5x lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h > E'b&  8P! >س5x lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hDp(> E'b&  8P!Dp(>سL X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hڑ(> E'b&  8P!ڑ(>سL X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h;(> E'b&  8P!;(>س?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h (> E'b&  8P! (>س?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x֩E)> E'b&  8P!!j֩E)>سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dd0ab0ec-1952-4009-8cd2-233cd9e1c740 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 963a39aa-1a95-4e36-9ccf-d2ad84285983 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**ht)> E'b&  8P!t)>س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hĀ)> E'b&  8P!Ā)>س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h*> E'b&  8P!*>سtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hfv*> E'b&  8P!fv*>سtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h4*> E'b&  8P!4*>س" Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hD*> E'b&  8P!D*>س" Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xN+> E'b&  8P!!jN+>س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6b345a58-bc74-4b5c-afb3-7bee5a3c2289 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8afea21b-85e8-4a6c-8c47-55bc8b758bb1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hej+> E'b&  8P!ej+>س dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hx+> E'b&  8P!x+>س dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h:L+> E'b&  8P!:L+>سE d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h8+> E'b&  8P!8+>سE d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hH1> E'b&  8P!H1>سX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h12> E'b&  8P!12>سX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h02> E'b&  8P!02>سTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hT?2> E'b&  8P!T?2>سTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**xf2> E'b&  8P!!jf2>سJTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f1b5cdd1-e7f2-4683-bf0a-1c9332294172 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 418f4172-05e4-4689-92dd-e80a66f4fa28 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!2>سK Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!2>سK Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!3>سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a7d-h**h 3> E'b&  8P! 3>سO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**xK3> E'b&  8P!!jK3>س%¦0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = aa968992-daef-4a81-84bb-fe4a71fc8b09 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2df7aae7-5402-451e-b1e3-5a0a64eb8167 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!3>سp L“Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!ְ3>سp LÓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P! 3>س4 ēMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!3>س4 œMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af E'b&  8P!B3>س¦0  ƓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af3-h**hǓ<4> E'b&  8P!<4>س¦0  ǓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hȓR!4> E'b&  8P!R!4>س:l ȓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hɓ*.4> E'b&  8P!*.4>س:l ɓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hʓ-> E'b&  8P!->سx ʓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h˓> E'b&  8P!>سx ˓Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h̓ > E'b&  8P! >سæ`t ̓Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h͓V*> E'b&  8P!V*>سæ`t ͓Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hΓ'6> E'b&  8P!'6>سæ, ΓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hϓuD> E'b&  8P!uD>سæ, ϓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**xГM> E'b&  8P!!jM>س,ГMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dc17775f-5e0b-4002-8734-2690567e45f1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a29e41c4-397d-4caf-bf94-f84f4b82cfbe Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**hѓF> E'b&  8P!F>س ѓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hғ1> E'b&  8P!1>س ғMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hӓL> E'b&  8P!L>سŦ<ӓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hԓo\> E'b&  8P!o\>سŦ<ԓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hՓ)Yp? E'b&  8P!)Yp?سoŦ ՓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h֓9Afp? E'b&  8P!9Afp?سoŦ ֓Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hדfݗ? E'b&  8P!fݗ?سŦ$ דMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hؓ? E'b&  8P!?سŦ$ ؓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hoh**hٓ ? E'b&  8P! ?سŦl\ ٓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aExeh**hړ|? E'b&  8P!|?سŦl\ ړMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**xۓx? E'b&  8P!!jx?سƦlxۓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 463e69a8-b802-48b0-aa7d-ab40977a26be Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f1c59c3a-76bc-4e16-97a2-bf0071231236 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. atx**hܓ>'? E'b&  8P!>'?سܓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aandh**hݓn? E'b&  8P!n?سݓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &asofh**hޓ? E'b&  8P!?سƦޓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adulh**hߓ, '? E'b&  8P!, '?سƦߓMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aecth**hP)#@ E'b&  8P!P)#@س󲦖lPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h&;#@ E'b&  8P!&;#@س󲦖lPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h'}8@ E'b&  8P!'}8@س[ǦTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aL h**h<8@ E'b&  8P!<8@س[ǦTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aL h**hW@@ E'b&  8P!W@@سfǦ,, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h@@ E'b&  8P!@@سfǦ,, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hvA@ E'b&  8P!vA@س; Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a0 h**ha&A@ E'b&  8P!a&A@س; Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a0 h**xoA@ E'b&  8P!!joA@سx4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5af6ecc8-727b-461f-a098-73b280fdc475 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e8e20833-d37a-40e8-835a-82f9dfed3013 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sex**h|A@ E'b&  8P!|A@سy Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &al h**hA@ E'b&  8P!A@سy Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &al h**hkJ@ E'b&  8P!kJ@س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h[J@ E'b&  8P![J@س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**J@ E'b&  8P]!jJ@سų Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9ee42136-bade-46d2-ac3b-becc5dd2aacd Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-l1afysa3.iig.ps1 Engine Version = 4.0 Runspace ID = 9beb057b-191e-4ed7-ada8-f477b87e1480 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **hJ@ E'b&  8P!J@سȦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hUJ@ E'b&  8P!UJ@سȦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8 E'b&  8PosjmK@س`ɦ D Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ngine Version = 4.0 Runspace ID = 16a78e34-8880-4bfd-94f9-ac53159fe896 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. h@ E'b&  8P!x>h@سX4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hh@ E'b&  8P!h@سX4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**xs0i@ E'b&  8P!!js0i@سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 90772097-c071-4caf-bea2-5a9e72ff7e1a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cbf6aea0-17f2-4583-b4c3-b64f8705e336 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hCTXi@ E'b&  8P!CTXi@سLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h @di@ E'b&  8P! @di@سLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h-di@ E'b&  8P!-di@س@t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h YPi@ E'b&  8P!YPi@س@t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**x iji@ E'b&  8P!!jiji@س̦@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 79a904aa-2318-40b1-afd2-105ad85fa295 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6c1c607e-49dd-4a2a-83fc-124dfb3362a1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h +j@ E'b&  8P!+j@سڵ| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h %j@ E'b&  8P!%j@سڵ| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h 2hj@ E'b&  8P!2hj@س̦ ` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**huj@ E'b&  8P!uj@س̦ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hj@ E'b&  8P!j@سHdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hj@ E'b&  8P!j@سHdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hj@ E'b&  8P!j@س̦L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hp(j@ E'b&  8P!p(j@س̦L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aåA E'b&  8P!>åAس๦ ((Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h)h\_B E'b&  8P!h\_BسЦt@)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h*Ik_B E'b&  8P!Ik_BسЦt@*Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h+IHiB E'b&  8P!IHiBسѦ +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h,:iB E'b&  8P!:iBسѦ ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aath**h-IqB E'b&  8P!IqBس̺ -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aandh**h.=XqB E'b&  8P!=XqBس̺ .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &asofh**h/gqB E'b&  8P!gqBسӺ4/Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adulh**h00wqB E'b&  8P!0wqBسӺ40Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aecth**x1ƄrB E'b&  8P!!jƄrBس(4@1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a916ccfb-5cce-4dcc-9fc1-a1bb339102cb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7bd58843-09ae-4c14-943d-5d1ad074c502 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h2 8rB E'b&  8P! 8rBس)|2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h3rGrB E'b&  8P!rGrBس)|3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h4syB E'b&  8P!syBسѦT 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h5VyB E'b&  8P!VyBسѦT 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h6yB E'b&  8P!yBس=6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h7yB E'b&  8P!yBس=7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**x8Nx8zB E'b&  8P!!jNx8zBسҦ 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c5adca4b-3f22-4dc3-96d7-836826ccfeb4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 155afcdc-8b80-4d1d-a4c3-d02eea3b501e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**h9\zB E'b&  8P!\zBسԻt9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**h:jzB E'b&  8P!jzBسԻt:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**h;y=zB E'b&  8P!y=zBسۻT;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h<F)zB E'b&  8P!F)zBسۻT<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &av"{B E'b&  8P9!v"{Bسx  >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **h?c.{B E'b&  8P!c.{Bسx  ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**h@ܨ^{B E'b&  8P!ܨ^{Bس@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hAjn{B E'b&  8P!jn{BسAMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hB{B E'b&  8P!{BسӦD\BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hClِ{B E'b&  8P!lِ{BسӦD\CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hD{B E'b&  8P!{Bس< DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hE9{B E'b&  8P!9{Bس< EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hF8,C E'b&  8P!8,CسFMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hG:C E'b&  8P!:CسGMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hH,C E'b&  8P!,CسtHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hI,C E'b&  8P!,CسtIMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hJ,C E'b&  8P!,Cس#ԦX @ JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hK,C E'b&  8P!,Cس#ԦX @ KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xLV-C E'b&  8P!!jV-CسxԦX lLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 308a7c6f-d610-4dd3-b081-e86fc844cb93 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 937a08e9-0a27-49d3-844a-63766b70291c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**hMt-C E'b&  8P!t-CسG( MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hN-C E'b&  8P!-CسG( NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hO-C E'b&  8P!-Cس{ԦOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hPc}-C E'b&  8P!c}-Cس{ԦPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hQC E'b&  8P!Cسÿ QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hR C E'b&  8P! Cسÿ RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hShC E'b&  8P!hCسSMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hTttC E'b&  8P!ttCسTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hUg%C E'b&  8P!g%CسAզLUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hVsC E'b&  8P!sCسAզLVMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xW\C E'b&  8P!!j\CسF WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = eb3fec3f-37d6-4cd8-a2f2-bd07e351b2d2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1dcde3fc-981f-4d5a-9214-774bbfed05ec Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hXF{/C E'b&  8P!F{/CسG D XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hYg;C E'b&  8P!g;CسG D YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hZáC E'b&  8P!áCس֦ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h[C E'b&  8P!Cس֦ [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h\s-wD E'b&  8P!s-wDسD \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**h]t wD E'b&  8P!t wDسD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h^}+zD E'b&  8P!}+zDسצ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h_yD E'b&  8P!yDسצ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h`ID E'b&  8P!IDس `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**haYVƉD E'b&  8P!YVƉDس aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hb$D E'b&  8P!$Dس bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Coh**hcD E'b&  8P!Dس cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aicyh**xdp&D E'b&  8P!!jp&Dس¦ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 33037fac-a4da-4d7a-a9d7-a09f60c8d837 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 808af95e-f1b2-4745-be91-f3a1a6b6f1d7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**he'D E'b&  8P!'DسצT< eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hfD E'b&  8P!DسצT< fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hg&D E'b&  8P!&Dسئ4 gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hhD E'b&  8P!Dسئ4 hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hiu03D E'b&  8P!u03Dس¦ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hjNYAD E'b&  8P!NYADس¦ jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xkpD E'b&  8P!!jpDسæ$ kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a279445f-8eb0-44b5-afc5-9d5b4c74398d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c3dbec6d-e5cb-4cb0-b981-156d5e3007a5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hl،D E'b&  8P!،Dس(ئlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hmD E'b&  8P!Dس(ئmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hnD E'b&  8P!Dس4ئ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hoD E'b&  8P!Dس4ئ oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**xpwD E'b&  8P!!jwDسئpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ec21125f-7b71-4580-98e9-b6b21de1dd36 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8cc96c03-1e04-471e-9523-739f0f894e5a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hqC4D E'b&  8P!C4Dسæ XqMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hrwD E'b&  8P!wDسæ XrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hs*ˍD E'b&  8P!*ˍDسæ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**htjٍD E'b&  8P!jٍDسæ tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**huD E'b&  8P!Dس٦uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hvHD E'b&  8P!HDس٦vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hw{D E'b&  8P!{Dس!٦ ,wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hxlD E'b&  8P!lDس!٦ ,xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hy*E E'b&  8P!*EسĦ yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hz$*E E'b&  8P!$*EسĦ zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h{?E E'b&  8P!?Eس4Ŧ|l {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**h|O*?E E'b&  8P!O*?Eس4Ŧ|l |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h}{H?E E'b&  8P!{H?Eس8ŦP T}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h~gT?E E'b&  8P!gT?Eس8ŦP T~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**x?E E'b&  8P!!j?Eس+ڦP  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 75e79b38-f7ca-4d28-8293-e2d4aa4a4b91 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 02817a7a-bd46-4991-81bc-42f20b22cbe9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**h7?E E'b&  8P!7?EسŦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h?E E'b&  8P!?EسŦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h$][@E E'b&  8P!$][@EسŦ  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h j@E E'b&  8P! j@EسŦ  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hmE E'b&  8P!mEسhƦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hx|E E'b&  8P!x|EسhƦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h>E E'b&  8P!>EسƦ\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hԈE E'b&  8P!ԈEسƦ\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h( E E'b&  8P!( Eسۦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hlE E'b&  8P!lEسۦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xdUE E'b&  8P!!jdUEسBǦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fc49346d-515f-40f7-81fc-f5aac43aec26 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e44e95aa-4af6-4754-bb79-d71cf709e5f2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hߡE E'b&  8P!ߡEسFǦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h̭E E'b&  8P!̭EسFǦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hyE E'b&  8P!yEسܦDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h9!E E'b&  8P!9!EسܦDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h@>F E'b&  8P!@>FسǦx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hOF E'b&  8P!OFسǦx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h-F E'b&  8P!-FسǦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h˙F E'b&  8P!˙FسǦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h]z̥F E'b&  8P!]z̥Fس%ަT Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hfإF E'b&  8P!fإFس%ަT Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hP!j E'b&  8Ps-j=Fس Ȧ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P!Z(9س]LFMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &afF E'b&  8P!N>Fس0ɦP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h*F E'b&  8P!*Fس0ɦP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xgF E'b&  8P!!jgFس-খPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cd80eb38-ad7c-4e98-96ae-fa8f416462e6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0c2eef4a-8049-41de-9189-ca2759bd7119 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. } x**hF E'b&  8P!Fسɦ HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**hUqF E'b&  8P!UqFسɦ HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**hF E'b&  8P!Fس}খd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h9F E'b&  8P!9Fس}খd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h F E'b&  8P! Fسɦ XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**h-F E'b&  8P!-Fسɦ XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**x4lF E'b&  8P!!j4lFسʦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7f32b4cf-d0ff-44b9-9392-406c3feb16a9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8889019a-0c5b-4472-87cc-484f79d2ccb8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. dx**hF E'b&  8P!Fسখ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**hF E'b&  8P!Fسখ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nPrh**hF E'b&  8P!Fسখ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &teMh**h_'F E'b&  8P!_'Fسখ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**x9F E'b&  8P!!j9FسʦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a56ccd82-4475-4ee8-9335-40c3b1504ca3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8ce3a30a-142d-4f43-8de1-79fae7a2e134 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ix**h6TF E'b&  8P!6TFسʦ`tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & jh**h#`F E'b&  8P!#`Fسʦ`tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & kh**hmF E'b&  8P!mFس`˦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**hpճF E'b&  8P!pճFس`˦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nPrh**h>pF E'b&  8P!>pFسe˦DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &teMh**heF E'b&  8P!eFسf˦dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hF E'b&  8P!Fسe˦DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**hzF E'b&  8P!zFسf˦dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h3fG E'b&  8P!3fGسᦖ|LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**hGfG E'b&  8P!GfGسᦖ|LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**hsyG E'b&  8P!syGس]̦Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hOyG E'b&  8P!OyGس]̦Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hlyG E'b&  8P!lyGسg̦4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hzG E'b&  8P!zGسg̦4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**x7*zG E'b&  8P!!j7*zGس㦖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ff909364-9955-4eba-bd81-6a9364ac6f96 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c02022cb-8d05-4074-a9e2-9937be8c0fd3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 2_x**h”PzG E'b&  8P!PzGس̦t ”Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hÔwzG E'b&  8P!wzGس̦t ÔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hĔE{G E'b&  8P!E{Gس㦖P ĔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hŔ1){G E'b&  8P!1){Gس㦖P ŔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hƔd[H E'b&  8P!d[Hس0䦖ƔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hǔH E'b&  8P!Hس0䦖ǔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hȔÙ,H E'b&  8P!Ù,Hسͦ 4ȔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hɔk`,H E'b&  8P!k`,Hسͦ 4ɔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hʔA,H E'b&  8P!A,Hس䦖X ʔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h˔l,H E'b&  8P!l,Hس䦖X ˔Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**x̔^yH-H E'b&  8P!!j^yH-Hس6ΦX̔Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4663a341-7221-4ee3-9583-56bfc69d9727 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f8a9304d-5ad7-4d1a-9d6b-651ca570e6d1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. t-x**h͔Tf-H E'b&  8P!Tf-Hس8Φ,͔Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-neh**hΔݣt-H E'b&  8P!ݣt-Hس8Φ,ΔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hϔ`-H E'b&  8P!`-Hس妖t ϔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**hДh-H E'b&  8P!h-Hس妖t ДMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**hє:lH E'b&  8P!:lHسR妖x (єMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hҔuzH E'b&  8P!uzHسR妖x (ҔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hӔ}qH E'b&  8P!}qHسϦӔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hԔ}H E'b&  8P!}HسϦԔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hՔH E'b&  8P!Hس妖 LՔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h֔6H E'b&  8P!6Hس妖 L֔Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hה47H E'b&  8P!47HسϦ הMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hؔCH E'b&  8P!CHسϦ ؔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xٔ6H E'b&  8P!!j6Hسt榖 ٔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 65a354f8-e361-4aa8-9ce7-313676be0224 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 73d58c0b-3a38-41ba-80f4-15879f2042d3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. } x**hڔ?H E'b&  8P!?HسЦt ڔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_Neh**h۔H E'b&  8P!HسЦt ۔Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &32_h**hܔH E'b&  8P!Hس榖X D ܔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hݔmH E'b&  8P!mHس榖X D ݔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hޔ=H E'b&  8P!=HسIЦLPޔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hߔ+H E'b&  8P!+HسIЦLPߔMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xoH E'b&  8P!!joHس-ѦLtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 199fcb5d-7bae-4df4-9a34-913cc69d6a06 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3923785a-8742-4767-9bbc-f5a2c42d5a12 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox-Windows-Pow E'b&  8PPrational ElfChnk::`_Un(=f?mMF &**XݧH E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!ݧHس禖,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hH E'b&  8P!Hس禖,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hTZH E'b&  8P!TZHس禖| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**h H E'b&  8P! Hس禖| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**@AIH E'b&  8P!jAIHس禖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9de82d4e-9b6b-4d64-a8b9-2d8618079eaa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c06944fb-ae39-43be-89ba-ce9adcf44a73 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hmpdH E'b&  8P!mpdHس禖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Rh**hoH E'b&  8P!oHس禖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h!H E'b&  8P!!HسѦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h9H E'b&  8P!9HسѦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hH E'b&  8P!HسҦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hH E'b&  8P!HسҦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hH E'b&  8P!HسҦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hH E'b&  8P!HسҦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hUEI E'b&  8P!UEIس視Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hSI E'b&  8P!SIس視Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**h-xڂI E'b&  8P!-xڂIسӦTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**hI E'b&  8P!IسӦTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hI E'b&  8P!Iس Ӧ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h^I E'b&  8P!^Iس Ӧ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**x5I E'b&  8P!!j5IسӦ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8bfd62fb-11d5-4142-ace0-1d3605128629 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0346babf-0ab6-4e8c-bc36-4dab5ca4d80b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hΣI E'b&  8P!ΣIسӦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hKI E'b&  8P!KIسӦMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**ho6I E'b&  8P!o6Iس9首dxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**h7 DI E'b&  8P!7 DIس9首dxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**h"2J E'b&  8P!"2JسY首 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h"2J E'b&  8P!"2JسY首 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h5J E'b&  8P!5Jس&զ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**h5J E'b&  8P!5Jس&զ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**h:5J E'b&  8P!:5Jس首| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h5J E'b&  8P!5Jس首| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**x$k6J E'b&  8P!!j$k6Jسզ\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 38cd0d77-4234-4ea7-8dfb-8ebc13e91660 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a2a3fe61-7bbf-4424-81d2-7b81ab2a3981 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. iox**h߈6J E'b&  8P!߈6JسզMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h6J E'b&  8P!6JسզMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hK7J E'b&  8P!K7JسdꦖMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**hj" 7J E'b&  8P!j" 7JسdꦖMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**haJ E'b&  8P!aJسꦖt Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**hIJ E'b&  8P!IJسꦖt Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**h[J E'b&  8P![JسꦖMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hJ E'b&  8P!JسꦖMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYh**hHJ E'b&  8P!HJسꦖx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h MJ E'b&  8P!MJسꦖx  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h }J E'b&  8P!}Jسꦖ  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h "J E'b&  8P!"Jسꦖ  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**x 2J E'b&  8P!!j2Jس즖  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 16e62301-85b8-4ac6-8d97-239b1aa86ea7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 310f6cab-ccc6-4e11-9070-ef476baf8e74 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. SYx**h J E'b&  8P!Jسdצ0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hJ E'b&  8P!Jسdצ0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hڜ|J E'b&  8P!ڜ|Jسצ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hAׇJ E'b&  8P!AׇJسצ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hu^J E'b&  8P!u^Jس]즖L LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h/J E'b&  8P!/Jس]즖L LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h%J E'b&  8P!%Jسc즖x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h53J E'b&  8P!53Jسc즖x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**haeJ E'b&  8P!aeJس즖PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**htwJ E'b&  8P!twJس즖PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**x(J E'b&  8P!!j(JسcPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 20bb078b-3ccb-49cd-82ba-4a118b9dd148 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c08e2c13-9a9c-4ae5-a42f-15fe6d6d7cb3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $cx**hFJ E'b&  8P!FJسg Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h1J E'b&  8P!1Jسg Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**h.J E'b&  8P!.Jسp$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hF:J E'b&  8P!F:Jسp$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYh**x䓤J E'b&  8P!!j䓤Jسئ$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1ad90005-d2e3-4dbb-ad72-c82404a79778 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1604926e-1dd0-4123-915e-4b93434674af Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Nx**h BJ E'b&  8P! BJسئ (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**hJ E'b&  8P!Jسئ (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hJ E'b&  8P!Jسئ`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h ju J E'b&  8P!ju Jسئ` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h!? J E'b&  8P!? Jسئl!Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**h".J E'b&  8P!.Jسئl"Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**h# :J E'b&  8P! :Jسئ#Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h$FJ E'b&  8P!FJسئ$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**h%sK E'b&  8P!sKس 8%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h&_K E'b&  8P!_Kس 8&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYh**h'AK E'b&  8P!AKس0ڦ 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h(QOK E'b&  8P!QOKس0ڦ (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h)(kK E'b&  8P!(kKسP @)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h*wK E'b&  8P!wKسP @*Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**x+IK E'b&  8P!!jIKس$練P +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0f778b3c-8f44-4ecf-8128-eaf1a649bccb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 71a050f8-9607-40e8-ab01-de278436e8db Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. iox**h,O K E'b&  8P!O Kسڦ`,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**h-;K E'b&  8P!;Kسڦ`-Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h.K E'b&  8P!Kس練.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**h/.K E'b&  8P!.Kس練/Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**h0-JL E'b&  8P!-JLس練0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h1)ېJL E'b&  8P!)ېJLس練1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**h2ROL E'b&  8P!ROLسܦ 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h3OL E'b&  8P!OLسܦ 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYh**h4€=OL E'b&  8P!€=OLسo 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h5lIOL E'b&  8P!lIOLسo 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**x6OL E'b&  8P!!jOLس^ 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d71ddf38-c123-4c0b-acdb-7cee1e5c7e67 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 82c3e30d-087c-417c-8ed9-e3c4e506016e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $cx**h7]JOL E'b&  8P!]JOLسܦ7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h8y6OL E'b&  8P!y6OLسܦ8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**h9nMPL E'b&  8P!nMPLسl9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h:OYPL E'b&  8P!OYPLسl:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8Pssage = System error. sox-Windows-Pow E'b&  8PPrational ElfChnk;;Ps(a#(=f?mMF&**X;kL E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!kLسGݦX;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h<~L E'b&  8P!~LسGݦX<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h=ոHL E'b&  8P!ոHLسHݦd @=Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**h>ҕUL E'b&  8P!ҕULسIݦx >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h?{YL E'b&  8P!{YLسHݦd @?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h@\fL E'b&  8P!\fLسIݦx @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**hAL E'b&  8P!Lسcݦ AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**hBk+L E'b&  8P!k+Lسcݦ BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Rh**@C,L E'b&  8P!j,Lسݦ( CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7172737f-9c9b-4ded-a1c5-524f17d354ee Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8a2b6463-fa8c-461a-b635-5d6dbc4cbc3c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hDVL E'b&  8P!VLس DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hEԋbL E'b&  8P!ԋbLس EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hFM E'b&  8P!Mس!ަ HFMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hG# M E'b&  8P!# Mس!ަ HGMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hHM E'b&  8P!Mس% HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hIM E'b&  8P!Mس% IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**xJhM E'b&  8P!!jhMسulJMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1abb73cc-7116-4dca-9a40-1e41c051f5ae Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d426a7c0-bfe7-4ff3-99ab-c02c5daef028 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hKQҞM E'b&  8P!QҞMسަ KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hLM E'b&  8P!Mسަ LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hMM E'b&  8P!Mس% MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hN$M E'b&  8P!$Mس% NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hOCM E'b&  8P!CMسM4OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hPwM E'b&  8P!wMسM4PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**hQM E'b&  8P!MسN tQMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**hRmM E'b&  8P!mMسN tRMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**xSBP;M E'b&  8P!!jBP;Mس @SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c28e0a14-9912-4749-ab84-a3eb351dbbcb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9e70a0d5-6946-4b38-a430-1ca006435a87 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hTg-aM E'b&  8P!g-aMس  TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hUwmM E'b&  8P!wmMس  UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hV|M E'b&  8P!|MسߦlVMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hWM E'b&  8P!MسߦlWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**xX M E'b&  8P!!j MسlXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b268df4b-b16c-42f5-b886-5ead426fe231 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 483df210-a243-4e48-bb70-33ff9e313e70 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. M E'b&  8P!t> Mسখ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**h_-S M E'b&  8P!-S Mس খ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h`2` M E'b&  8P!2` Mس খ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**ha %M E'b&  8P! %Mس8 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hb0M E'b&  8P!0Mس8 bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hc M E'b&  8P! Mسখ\ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hd6[M E'b&  8P!6[Mسখ\ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**he,|ϸM E'b&  8P!,|ϸMسখpdeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hfݸM E'b&  8P!ݸMسখpdfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &SYh**xg­MM E'b&  8P!!j­MMسpL gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 88fc94ee-b969-4f17-82ce-be3d6a23e477 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = dfbdb039-1c44-4599-ba07-577bbb2ecc01 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d-x**hh*zfM E'b&  8P!*zfMسᦖ \ hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hierM E'b&  8P!erMسᦖ \ iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hj*ڹM E'b&  8P!*ڹMسjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hkM E'b&  8P!MسkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hl bN E'b&  8P! bNس lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hmcN E'b&  8P!cNس mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hn9skN E'b&  8P!9skNسTnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hoi&kN E'b&  8P!i&kNسToMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hpIkN E'b&  8P!IkNسL pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hqδkN E'b&  8P!δkNسL qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$ch**xrlN E'b&  8P!!jlNسrMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7f919d84-2f17-443f-85f6-a4394bfa8c0f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6c3168b9-750e-46be-95c9-1285a38b1753 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hsUz4lN E'b&  8P!Uz4lNس⦖ sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**ht@lN E'b&  8P!@lNس⦖ tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hulN E'b&  8P!lNس uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hv|lN E'b&  8P!|lNس vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Nh**hw O E'b&  8P! Oس H wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &utih**hx O E'b&  8P! Oس H xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hy<'O E'b&  8P!<'Oس8DyMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**hzO E'b&  8P!OسzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h{O E'b&  8P!Oس8D{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**h|HO E'b&  8P!HOس|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**h}ChO E'b&  8P!ChOس㦖\ }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h~$TO E'b&  8P!$TOس㦖\ ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**xLO E'b&  8P!!jLOسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e88e357e-a6a3-4387-b2c4-67edbe4c33ba Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fb10bae0-10b9-4d36-bcfe-d740f753f91f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hBSO E'b&  8P!BSOسh䦖 H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h^?O E'b&  8P!^?Oسh䦖 H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hiO E'b&  8P!iOس䦖H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hwO E'b&  8P!wOس䦖H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hO E'b&  8P!Oس䦖PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hjO E'b&  8P!jOس䦖PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ioh**xO E'b&  8P!!jOس}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1f171bca-8923-4b12-a522-6b0e1c2d5f27 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 26571d8f-bf2e-48d7-a8b0-9c5c594f1876 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. b-x**hMs8O E'b&  8P!Ms8Oس~ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hYDO E'b&  8P!YDOس~ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**h^aO E'b&  8P!^aOسt4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hmO E'b&  8P!mOسt4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $hapter.MacAdd E'b&  8P} j&Oس2tP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 82c3e30d-087c-417c-8ed9-e3c4e506016e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $cx**h7]JOL E'b&  8P!]JOLسܦ7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h8y6OL E'b&  8P!y6OLسܦ8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ih**h9nMPL E'b&  8P!nMPLسl9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h:OYPL E'b&  8P!OYPLسl:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &\SYhEM  E'b&  8Pssage = System error. sox-Windows-Pow E'b&  8PPrational ElfChnk`lpy(P=f?mMF&a**&O E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j&Oس2tP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 61d41737-4b9a-4749-88c5-02fcafb9ad9b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3a33f5fc-929c-4b05-8221-ca3fd878a03d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. c **O E'b&  8P9!Oسs妖< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(ce**hO E'b&  8P!Oسs妖< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hL>O E'b&  8P!L>Oسu妖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hsKO E'b&  8P!sKOسu妖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h"`O E'b&  8P!"`Oس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hjO E'b&  8P!jOسy妖T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hjkO E'b&  8P!jkOس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hUwO E'b&  8P!UwOسy妖T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hoO E'b&  8P!oOس 榖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hƥO E'b&  8P!ƥOس 榖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hvO E'b&  8P!vOس 榖@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hiO E'b&  8P!iOس 榖@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h4O E'b&  8P!4Oس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h O E'b&  8P! Oس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at Nh**x )O E'b&  8P!!j )OسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 53190429-97e4-4549-a4ec-38c4837f789a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 39942618-d35f-4801-97a4-36cc947e7140 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hGO E'b&  8P!GOسg榖X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hRO E'b&  8P!ROسg榖X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hO E'b&  8P!Oس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hUlO E'b&  8P!UlOس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h\"e{P E'b&  8P!\"e{Pسu禖h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hXq{P E'b&  8P!Xq{Pسu禖h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at Nh**hGP E'b&  8P!GPس禖D  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &autih**hcSP E'b&  8P!cSPس禖D  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atioh**hoP E'b&  8P!oPس T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hA%{P E'b&  8P!A%{Pس T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xP E'b&  8P!!jPسM視\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7e8e2360-71ce-4a61-94d2-61133f0036cc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7340e5b7-6187-473c-a781-05e97c1946d0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hP E'b&  8P!PسO視Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hP E'b&  8P!PسO視Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hP E'b&  8P!Pس0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hw֋P E'b&  8P!w֋Pس0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h1%Q E'b&  8P!1%Qس, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h%Q E'b&  8P!%Qس, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h;@.Q E'b&  8P!;@.Qس$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h ,#.Q E'b&  8P! ,#.Qس$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h6.Q E'b&  8P!6.Qس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hD.Q E'b&  8P!D.Qس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hc.Q E'b&  8P!c.Qسp Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hFo.Q E'b&  8P!Fo.Qسp Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**x.Q E'b&  8P!!j.Qس8ꦖp Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 340ea37f-b827-478d-b724-2003da46058e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a2219190-fc8e-48f1-ac74-68fb7a6c24db Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hx/Q E'b&  8P!x/QسBꦖX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hed&/Q E'b&  8P!ed&/QسBꦖX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h|p3Q E'b&  8P!|p3Qس$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h}3Q E'b&  8P!}3Qس$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSYh**h3Q E'b&  8P!3QسRꦖ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h3Q E'b&  8P!3QسRꦖ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xo4Q E'b&  8P!!jo4Qس p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c8130a40-a3e9-4a2f-a5f4-91baf63b27ad Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1f81bad7-cbf8-446c-ad50-b14cb2201d52 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h?4Q E'b&  8P!?4Qس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hI4Q E'b&  8P!I4Qس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hfg4Q E'b&  8P!fg4Qس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**ht4Q E'b&  8P!t4Qس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**x4Q E'b&  8P!!j4Qس릖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b2d1b401-99c8-4807-baff-9f7f7f9ced86 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 90cef19a-e0c0-4936-8dab-1cfbafa7b758 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h4p4Q E'b&  8P!4p4Qس릖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hdJ4Q E'b&  8P!dJ4Qس릖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h7=5Q E'b&  8P!7=5Qس즖 h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h•;L5Q E'b&  8P!;L5Qس즖 h •Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hÕdi`5Q E'b&  8P!di`5Qس!즖t X ÕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hĕ m5Q E'b&  8P! m5Qس!즖t X ĕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hŕ m5Q E'b&  8P! m5Qس"즖$ŕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hƕx5Q E'b&  8P!x5Qس"즖$ƕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Nh**hǕ Q E'b&  8P! Qس즖@ ǕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &autih**hȕ:Q E'b&  8P!:Qس즖@ ȕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atioh**hɕݝ{Q E'b&  8P!ݝ{QسW , ɕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a) {h**hʕQ E'b&  8P!QسW , ʕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aterh**h˕Q E'b&  8P!Qس[@˕Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ae ah**h̕ Q E'b&  8P! Qس[@̕Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $ch**x͕i Q E'b&  8P!!ji Qس@͕Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cb2d20b2-802d-4e0c-9853-3a10010cd840 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a7be0fc3-a454-4e9b-bd0e-979a7aca8fc4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hΕWS E'b&  8P!>Sس%ݕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hޕY>S E'b&  8P!Y>Sس%ޕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hߕΔFS E'b&  8P!ΔFSس) lߕMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hFS E'b&  8P!FSس) lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$ch**hz/FS E'b&  8P!z/FSسX@ d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h}GS E'b&  8P!}GSسX@ d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ih**hDGS E'b&  8P!DGSس\@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hRGS E'b&  8P!RGSس\@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a\SYhEM  E'b&  8Pssage = System error. sox-Windows-Pow E'b&  8PPrational ElfChnk44`nk(P=f?mMF&a**(GS E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j(GSسo@l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 865b2672-fddb-418c-8a7d-e58e5739b6b2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 69c92849-dfc0-41b7-acd8-02cb54acbac8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. c **eGS E'b&  8P9!eGSسp  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(ce**hm HS E'b&  8P!m HSسp  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h_9LS E'b&  8P!_9LSس$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h0%)LS E'b&  8P!0%)LSس$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hGLS E'b&  8P!GLSس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hUmSLS E'b&  8P!UmSLSس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**xcLS E'b&  8P!!jcLSسSMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0b007d85-e6e0-4c21-930a-b962f05bbedd Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 642c34af-128c-40b1-b5e5-54b4aa8f7192 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hj LS E'b&  8P!j LSسUp Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h/JLS E'b&  8P!/JLSسUp Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h37TMS E'b&  8P!37TMSسk Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h#`MS E'b&  8P!#`MSسk Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h#QS E'b&  8P!#QSس(P< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hVB0QS E'b&  8P!VB0QSس(P< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hoTQS E'b&  8P!oTQSس| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h`cQS E'b&  8P!`cQSس| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**xҶQS E'b&  8P!!jҶQSس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 49794a28-449a-4453-87d8-de298ec1098e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6dbaa727-eec0-48df-82fe-4d4cf1d9bdac Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 1-x**hMQS E'b&  8P!MQSسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hQS E'b&  8P!QSسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hJRS E'b&  8P!JRSس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h5'RS E'b&  8P!5'RSس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**xc]RS E'b&  8P!!jc]RSس,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 08297749-0cf7-4c63-8a8c-facbdd936867 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ca7ecbbe-58ac-4521-8239-33d261b04ea1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. mdU E'b&  8P!>mdUسC 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af)\V E'b&  8P!)\Vسd>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h?VV E'b&  8P!VVسo L?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h@BV E'b&  8P!BVسo L@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hAĺV E'b&  8P!ĺVس AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hBhtV E'b&  8P!htVس BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hCsQV E'b&  8P!sQVسPCMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hDI]V E'b&  8P!I]VسPDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hE|V E'b&  8P!|VسT EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hFBV E'b&  8P!BVسT FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xGj-V E'b&  8P!!jj-VسqT \ GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 949b052f-6045-473c-bdf7-209116f0313c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7b704c22-630c-4ae8-ab3b-d6360fa2e59e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hH(V E'b&  8P!(Vس= HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hI#V E'b&  8P!#Vس= IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hJhV E'b&  8P!hVس: JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hKTV E'b&  8P!TVس: KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hLNdoW E'b&  8P!NdoWسs| LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hMoW E'b&  8P!oWسs| MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hN )xwW E'b&  8P! )xwWس NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hOuwW E'b&  8P!uwWس OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hPoiwW E'b&  8P!oiwWسPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hQ _wW E'b&  8P! _wWسQMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hRwW E'b&  8P!wWس.X RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hSwW E'b&  8P!wWس.X SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xT$FxW E'b&  8P!!j$FxWسX h TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0af6b9a9-3fb9-4b5d-9b06-622c923ef28e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 36ee5d01-fc48-4c74-8492-0b8480feb360 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**hUtqxW E'b&  8P!tqxWسUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hV^~xW E'b&  8P!^~xWسVMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hW%"{W E'b&  8P!%"{Wس WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hXt0{W E'b&  8P!t0{Wس XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hY#N{W E'b&  8P!#N{Wس4 8 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hZ}Z{W E'b&  8P!}Z{Wس4 8 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x[Ŷ{W E'b&  8P!!jŶ{Wس)4 [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e16ff3e6-6b74-40f4-81d2-f90d221523d8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ba4d52ac-4c01-4c17-9ba3-7894fb4fd933 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h\,{W E'b&  8P!,{Wس- P \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h]DL{W E'b&  8P!DL{Wس- P ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h^d%[|W E'b&  8P!d%[|Wس~ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h_ g|W E'b&  8P! g|Wس~ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h`W E'b&  8P!Wس3 `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**haW E'b&  8P!Wس3 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hbW E'b&  8P!Wس bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hc'W E'b&  8P!'Wس cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xd%W E'b&  8P!!j%Wس+PdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 104539c3-f744-4860-b696-c8c97428d833 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b1547219-7cb7-4a3a-922e-ce1e7feba535 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**heDW E'b&  8P!DWس,d eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hf~W E'b&  8P!~Wس,d fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hg!W E'b&  8P!!Wس8D gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hh W E'b&  8P! Wس8D hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**xisSW E'b&  8P!!jsSWسD | iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d37619d5-2521-424d-890c-b14a86951f7e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9408e0be-c9d8-4ab1-9bee-645a67b7f7ac Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hjesnW E'b&  8P!esnWس`@jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hkJ_zW E'b&  8P!J_zWس`@kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hlɂW E'b&  8P!ɂWسl4lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $h**hmY!ׂW E'b&  8P!Y!ׂWسl4mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hnW E'b&  8P!Wسx\ nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**ho6W E'b&  8P!6Wس0l oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hp]W E'b&  8P!]Wسx\ pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Nh**hq(W E'b&  8P!(Wس0l qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hrZ*X E'b&  8P!Z*XسP rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hs\2h*X E'b&  8P!\2h*XسP sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**htt93X E'b&  8P!t93XسptMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**huY%4X E'b&  8P!Y%4XسpuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hv"4X E'b&  8P!"4XسDvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hwr .4X E'b&  8P!r .4XسDwMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**xxџ4X E'b&  8P!!jџ4Xس xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fd2130c9-c846-40da-b0fc-e3c5504e1801 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0eb2d6e2-05e4-425f-a67a-5e4643b6e87d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hy@4X E'b&  8P!@4Xس@yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hza4X E'b&  8P!a4Xس@zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h{15X E'b&  8P!15Xس {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h|ă=5X E'b&  8P!ă=5Xس |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h}{+X E'b&  8P!{+Xس#$ }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h~!9X E'b&  8P!!9Xس#$ ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hhX E'b&  8P!hXسb0 tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hX E'b&  8P!Xسb0 tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hX E'b&  8P!Xس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hjX E'b&  8P!jXس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xuX E'b&  8P!!juXس. Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c2019b67-a9f2-4123-9cd7-438a38eb1d28 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 71d9922f-040c-4282-8743-2c4960ec0640 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**h|X E'b&  8P!|XسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hA4X E'b&  8P!A4XسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hj X E'b&  8P!j Xس1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h"VX E'b&  8P!"VXس1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hY E'b&  8P!Yس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h&Y E'b&  8P!&Yس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hYY E'b&  8P!YYس< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h6ǏY E'b&  8P!6ǏYس< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hqY E'b&  8P!qYس0 ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hڻY E'b&  8P!ڻYس8 t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hlY E'b&  8P!lYس0 ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PPrational ElfChnkޖޖ`Z( =f?mMF &**XtXY E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!tXYس8 t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**@ĒY E'b&  8P!jĒYس t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A? oData= ContextInfo A' =UserData A% =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 57ba96db-e99e-41f7-82d2-31b1f18ae030 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7553180b-b2ee-474d-bee5-c6e4013dfa57 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h8Y E'b&  8P!8Yسrp Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**h`ːY E'b&  8P!`ːYسrp Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h[?Y E'b&  8P![?Yس) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**hKY E'b&  8P!KYس) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**h0pY E'b&  8P!0pYس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**ha~Y E'b&  8P!a~Yس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x1Y E'b&  8P!!j1Yس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dcf970f6-6c43-477f-8f3b-80358f90fd52 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5f19d7d4-2aaa-4cab-809c-3547d4a5480e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. c-x**hݴY E'b&  8P!ݴYسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hY E'b&  8P!YسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hh9Y E'b&  8P!h9Yس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hEY E'b&  8P!EYس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**x髗Y E'b&  8P!!j髗Yس  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7878c2d5-a0d0-49e6-bfec-69750f31d337 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e0ed953b-6850-47ea-89da-1e2861977c37 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. r[ E'b&  8P!>r[س( ۖMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f[ E'b&  8P!!y>[س ݖMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f~(=f?mMFY&**Xߖc[ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!c[س-%pߖMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h q[ E'b&  8P! q[س-%pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZcq[ E'b&  8P!Zcq[س TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**h$O}[ E'b&  8P!$O}[س TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**h:>[\ E'b&  8P!:>[\س%4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Rh**htM[\ E'b&  8P!tM[\س%4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r =h**hzd\ E'b&  8P!zd\س0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &resh**hdd\ E'b&  8P!dd\س0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & }h**hݥd\ E'b&  8P!ݥd\س&L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**h7d\ E'b&  8P!7d\س&L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s Wh**@)e\ E'b&  8P!j)e\س&LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Yp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0c1cdcb5-5205-44bf-b43b-5fe47961a9fa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bd70832b-dbf8-4699-a3fe-5d77c860c5ef Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n@**h Ee\ E'b&  8P! Ee\س& Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hCPe\ E'b&  8P!CPe\س& Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**he\ E'b&  8P!e\س | Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**he\ E'b&  8P!e\س | Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h ] E'b&  8P! ]س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h8] E'b&  8P!8]س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hMKJ] E'b&  8P!MKJ]س'lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h6W] E'b&  8P!6W]س'lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h6t] E'b&  8P!6t]سzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h] E'b&  8P!]سzMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x?] E'b&  8P!!j?]س(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 94bb97a5-ec53-4897-8f49-c25802baca65 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0c40c094-71ba-4444-a0b6-55ac6e0af4c9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Adx**h| ] E'b&  8P!| ]س(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hE] E'b&  8P!E]س(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hЀ] E'b&  8P!Ѐ]س) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h] E'b&  8P!]س) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h/e] E'b&  8P!/e]سC) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h~"r] E'b&  8P!~"r]سC) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hT] E'b&  8P!T]سD)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hl] E'b&  8P!l]سD)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hsG] E'b&  8P!sG]س)T  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hU] E'b&  8P!U]س)T  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h] E'b&  8P!]سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h ] E'b&  8P! ]سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x] E'b&  8P!!j]س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9121fcbf-e934-4484-804f-f4807f0cef99 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1f19da3b-6916-4a19-958b-46ab5855c7ce Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hF] E'b&  8P!F]س LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hQ] E'b&  8P!Q]س LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h8] E'b&  8P!8]س0* Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hp1] E'b&  8P!p1]س0* Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h] E'b&  8P!]سtl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hy] E'b&  8P!y]سtl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**x72@] E'b&  8P!!j72@]س +t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b0f588fc-1132-448c-964e-eec04bb35a86 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 817cc3bf-7225-485c-943a-4032909cd0f2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h sSd] E'b&  8P!sSd]س +L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h r] E'b&  8P!r]س +L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h "m] E'b&  8P!"m]س+@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h #] E'b&  8P!#]س+@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**x {] E'b&  8P!!j{]س, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4b07fcc7-5bb8-4656-af18-0bd47e9f4617 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 36f69849-72f1-4be2-95c2-67e85601a328 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**h!] E'b&  8P!!]س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hg/] E'b&  8P!g/]س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hPj] E'b&  8P!Pj]س4LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h+y] E'b&  8P!+y]س4LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h0X] E'b&  8P!0X]سe( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hHO] E'b&  8P!HO]سe( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h9] E'b&  8P!9]سf Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h=̰] E'b&  8P!=̰]سf Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hHs^ E'b&  8P!Hs^س+ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hѻs^ E'b&  8P!ѻs^س+ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h^^|^ E'b&  8P!^^|^س7, @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hج|^ E'b&  8P!ج|^س7, @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h|^ E'b&  8P!|^س?, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hW|^ E'b&  8P!W|^س?, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**x!R}^ E'b&  8P!!j!R}^س^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4e0c83c4-45b6-4a9e-b888-75b6de6717f2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = daf7ee1c-fc47-47e9-a52a-a14d76345e8a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h6m}^ E'b&  8P!6m}^س`PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hRy}^ E'b&  8P!Ry}^س`PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h }^ E'b&  8P! }^س,( d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h }^ E'b&  8P!}^س,( d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h!v&_ E'b&  8P!v&_سp !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h"č&_ E'b&  8P!č&_سp "Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h#s/_ E'b&  8P!s/_سM- #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h$'/_ E'b&  8P!'/_سM- $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h%{J/_ E'b&  8P!{J/_سV-%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h&/_ E'b&  8P!/_سV-&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**x'-0_ E'b&  8P!!j-0_سD. 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e8e61eb1-cfa2-410c-8b71-9079a1315938 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 63ca005f-5af8-48f0-b5f9-3beec22bdac2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h(H0_ E'b&  8P!H0_س(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h)vT0_ E'b&  8P!vT0_س)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h*w0_ E'b&  8P!w0_س / *Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h+b0_ E'b&  8P!b0_س / +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h,(F_ E'b&  8P!(F_سN/t ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h-IS_ E'b&  8P!IS_سN/t -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h.O_ E'b&  8P!O_سD .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h/ʻ[_ E'b&  8P!ʻ[_سD /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h0s_ E'b&  8P!s_س(( 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h1 _ E'b&  8P! _س(( 1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h2tJ_ E'b&  8P!tJ_س/ 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h3^vV_ E'b&  8P!^vV_س/ 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x45_ E'b&  8P!!j5_س0 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 669afea5-1b5a-4117-8421-c022ae23ed13 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1a03a801-8d0a-4a58-bc19-1ebe1b803a2d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**h59_ E'b&  8P!9_س!0x 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h6+_ E'b&  8P!+_س!0x 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h7t_ E'b&  8P!t_س7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h8_ E'b&  8P!_س8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h 8PPrational ElfChnk99XSm Q(L =f?mMF &**X9F_ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!F_سX09Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h:_ E'b&  8P!_سX0:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**@;[re_ E'b&  8P!j[re_سd;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?L oData= ContextInfo A'L =UserData A%L =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2cb747a4-4d76-43f8-b45f-8f0aa3ec1aa7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6073ce0a-27a4-4e7a-b60a-f7127775c429 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h<`_ E'b&  8P!`_س0<<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**h=Ud_ E'b&  8P!Ud_س0<=Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h>Cz_ E'b&  8P!Cz_سe >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**h?o_ E'b&  8P!o_سe ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**x@1_ E'b&  8P!!j1_س_  D @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a36dc3d8-060f-418a-889f-a1c55bc6e384 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = db7028c1-51c1-4587-82e9-f348cac696ca Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. a E'b&  8P!>aسp2T TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hU>a E'b&  8P!>aسp2T UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hVfGa E'b&  8P!fGaس_$VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hWfGa E'b&  8P!fGaس_$WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hXGa E'b&  8P!Gaس2 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hYM Ga E'b&  8P!M Gaس2 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**xZx d E'b&  8P! > dس.| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hlHA d E'b&  8P!lHA dس. 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h/) d E'b&  8P!/) dس9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hw d E'b&  8P!w dس9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x> d E'b&  8P!!j> dسa.lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c7b697bd-0105-4a76-92b4-ca03058cdc5e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d18cde63-0970-400a-b247-4f3472197c57 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hBJ1 d E'b&  8P!BJ1 dسe.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hr6= d E'b&  8P!r6= dسe.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hO d E'b&  8P!O dس2:X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hB d E'b&  8P!B dس2:X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h d E'b&  8P! dس.D8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hC' d E'b&  8P!C' dس.D8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**x_P d E'b&  8P!!j_P dسL/DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4fab7893-5a7d-45fb-9c26-5cc71291336d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 14e012a2-8cb3-4660-94e9-435c4990d0af Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h d E'b&  8P! dس:D<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h d E'b&  8P! dس:D<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hare E'b&  8P!areس> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xre E'b&  8P!!jreس\?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1a5f55dc-b2e9-4b39-845c-d220b9e486b6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8f1c3ef1-faa2-40a3-aaa1-b7abf849be35 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h@re E'b&  8P!@reس2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h—-re E'b&  8P!-reس2—Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**h×se E'b&  8P!seس?H ×Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hėt se E'b&  8P!t seس?H ėMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hŗ$of E'b&  8P!$ofسh@< ŗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hƗ|f E'b&  8P!|fسh@< ƗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hǗs"f E'b&  8P!s"fسm@ ǗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hȗ"f E'b&  8P!"fسm@ ȗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hɗh#f E'b&  8P!h#fس@ ɗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hʗDv#f E'b&  8P!Dv#fس@ ʗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h˗{#f E'b&  8P!{#fس3,˗Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h̗g#f E'b&  8P!g#fس3,̗Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x͗0+9$f E'b&  8P!!j0+9$fس#4, ͗Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5c55a24a-9be0-4d49-8d1b-6b2a233de597 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1b5005fd-009c-499d-9ef5-f6e0f9151b15 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hΗEa$f E'b&  8P!Ea$fس'4P t ΗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hϗq-m$f E'b&  8P!q-m$fس'4P t ϗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hЗWę$f E'b&  8P!Wę$fسJA ЗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hї j$f E'b&  8P! j$fسJA їMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hҗ$f E'b&  8P!$fسr4 h җMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hӗ$f E'b&  8P!$fسr4 h ӗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xԗ=%f E'b&  8P!!j=%fسA  ԗMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 201789da-8a29-4dd8-9e33-27f69c3ccb41 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 542d3190-0ac9-40d9-86b4-a5e7369174d4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h՗7*Z%f E'b&  8P!7*Z%fس4|՗Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h֗g%f E'b&  8P!g%fس4|֗Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a@h E'b&  8P!>@hسJ0 x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h @h E'b&  8P! @hسJ0 x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hAh E'b&  8P!AhسJ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h=Ah E'b&  8P!=AhسJ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xAh E'b&  8P!!jAhسK <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3ba1b072-9911-4958-9bea-c74dec66dc28 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fd556409-2d57-4189-b733-366ba6a8e602 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h Ah E'b&  8P! AhسK Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h2Ah E'b&  8P!2AhسK Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hS8 +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h,9i E'b&  8P!9iس>8 ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h-宦i E'b&  8P!宦iسNX  -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h.Ѻi E'b&  8P!ѺiسNX  .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h/ئi E'b&  8P!ئiس#N/Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h0i E'b&  8P!iس#N0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach E E'b&  8P1aj$YiسN1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @pt Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**h59_ E'b&  8P!9_س!0x 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h6+_ E'b&  8P!+_س!0x 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h7t_ E'b&  8P!t_س7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h8_ E'b&  8P!_س8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h 8PPrational ElfChnk11`}4Y5(P=f?mMF&a**1$Yi E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j$YiسN1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 73faf740-47cf-4ccc-8993-95eabccf8ab2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 428d5687-2769-4f8b-b2e2-612e7977d99b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **2si E'b&  8P9!siسZ?2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( S**h3,oi E'b&  8P!,oiسZ?3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h4(i E'b&  8P!(iس O,4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**h5i E'b&  8P!iس O,5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h6@Jj E'b&  8P!@Jjس@X6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h7SLJj E'b&  8P!SLJjس@X7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h8JSj E'b&  8P!JSjسXO 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h9XSj E'b&  8P!XSjسXO 9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h:{Sj E'b&  8P!{Sjس@d :Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h;һSj E'b&  8P!һSjس@d ;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h<|Sj E'b&  8P!|Sjس@<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h=DSj E'b&  8P!DSjس@=Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**x>JTj E'b&  8P!!jJTjس]A>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9eee85be-81b5-426f-b5b4-d1e7de934399 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1148c087-d07b-4b63-a2a1-3e2f2c758254 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h?HTj E'b&  8P!HTjس;Pp ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h@TCWTj E'b&  8P!TCWTjس;Pp @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hApVj E'b&  8P!pVjسA( AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hBqVj E'b&  8P!qVjسA( BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hCWj E'b&  8P!WjسgP lCMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hDWj E'b&  8P!WjسgP lDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xEWj E'b&  8P!!jWjس>B EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2289090a-2d15-4a2f-93f0-32d89c753a62 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c8ad939d-05a2-4ce3-9bb1-6ab1f6d593ac Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hFWj E'b&  8P!WjسP4 FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hGnWj E'b&  8P!nWjسP4 GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aO, ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h%3vn E'b&  8P!%3vnس>O, ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hoЄn E'b&  8P!oЄnسDOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hބn E'b&  8P!ބnسDOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hš"n E'b&  8P!š"nس'[@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h<1n E'b&  8P!<1nس'[@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xѪn E'b&  8P!!jѪnس\@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d1107950-c21b-449f-b006-9ac13066230a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 773b7a50-6784-4ebd-8ec6-861aaee3ab90 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**h݅n E'b&  8P!݅nسyOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hn E'b&  8P!nسyOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h n E'b&  8P! nسO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hn E'b&  8P!nسO Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h~0n E'b&  8P!~0nسOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hP͆n E'b&  8P!P͆nسOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xg7n E'b&  8P!!jg7nس\p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 57fd867e-9f2d-4b74-8eb0-24a35132d056 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 547bf748-ca7c-4923-8a13-3a15dc761295 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hIPn E'b&  8P!IPnسP< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**he^n E'b&  8P!e^nسP< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hRӇn E'b&  8P!RӇnس]h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h;߇n E'b&  8P!;߇nس]h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hp(n E'b&  8P!p(nس6P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h:n E'b&  8P!:nس6P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hn E'b&  8P!nسE^8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hYn E'b&  8P!YnسE^8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh** zn E'b&  8P !jznسG^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational "p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ebfb992b-a5a4-4798-802d-f8a6537a6526 Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" $modules = Get-InstalledModule -ErrorAction SilentlyContinue if ($modules) { foreach ($mod in $modules) { [PSCustomObject]@{ Name = $mod.Name Version = $mod.Version.ToString() Repository = $mod.Repository Author = $mod.Author } | ConvertTo-Json -Compress Write-Output "---SEPARATOR---" } } } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = 72787648-2897-4c1a-a75c-b586453ccff8 Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-InstalledModule' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException oso **h n E'b&  8P! nسTPt Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hyn E'b&  8P!ynسTPt Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hp]n E'b&  8P!p]nسPD (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**h+jn E'b&  8P!+jnسPD (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**h*n E'b&  8P!*nسP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**hv[n E'b&  8P!v[nسP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**xF n E'b&  8P!!jF nس'_h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b649ba48-73c0-4c42-9402-4593f01053e0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 234bda54-4f16-44dc-b9de-2c60ce6ab5bf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hT2n E'b&  8P!T2nس+_ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h@n E'b&  8P!@nس+_ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h_n E'b&  8P!_nس7_ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h;ln E'b&  8P!;lnس7_ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xNn E'b&  8P!!jNnس(` |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 62eba8b1-48f8-4df7-aebe-19c5f938cf62 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d3f0da66-ef91-40ab-a92e-98f4eee736c8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h@n E'b&  8P!@nس)`  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ($h**h˜n E'b&  8P!nس)`  ˜Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hØ&7n E'b&  8P!&7nسQ X ØMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &TEMh**hĘDDn E'b&  8P!DDnسQ X ĘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hŘ)_n E'b&  8P!)_nس` ŘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hƘln E'b&  8P!lnس` ƘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hǘyn E'b&  8P!ynس`P|ǘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hȘn E'b&  8P!nس`P|ȘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hɘ67o E'b&  8P!67oسfa8ɘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hʘD7o E'b&  8P!D7oسfa8ʘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h˘ jAo E'b&  8P! jAoس R P˘Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**h̘YxAo E'b&  8P!YxAoس R P̘Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**h͘RAo E'b&  8P!RAoسa`͘Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**hΘTAo E'b&  8P!TAoسa`ΘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**xϘEBo E'b&  8P!!jEBoسbdϘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f2a90cb3-c9e3-457a-8d79-e0665fd9ce1d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = df25d4a9-69cb-4f2f-b6be-3ca733708344 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hИ:Q5Bo E'b&  8P!:Q5Boس8RLPИMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**hј/ABo E'b&  8P!/ABoس8RLPјMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**hҘiBo E'b&  8P!iBoسct ҘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**hӘƸBo E'b&  8P!ƸBoسct ӘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**hԘko E'b&  8P!koسSh ԘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-00h**h՘o E'b&  8P!oسSh ՘Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**h֘9o E'b&  8P!9oسc H ֘Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onfh**hטyEo E'b&  8P!yEoسc H טMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rCoh**hؘsco E'b&  8P!scoسc ؘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**h٘no E'b&  8P!noسc ٘Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & hommand Type  E'b&  8P PjoسS  ژMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @sage = System error. 姢p E'b&  8P!!j>姢pسQg 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1eeaba38-535b-44a5-a726-9bd2c6b29886 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7f33abe7-02d3-4040-b19f-8b5df9fdc70a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. r E'b&  8P!>rسX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aecth**h r E'b&  8P!rسX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h r E'b&  8P!rسX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x ׶r E'b&  8P!!j׶rسUl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e016b4be-85ac-47fb-83ef-9a04988cecde Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = eeae5546-d790-4ef5-bb4f-d574bd86cb2f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hr E'b&  8P!rسXd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**hȵr E'b&  8P!ȵrسXd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**hT r E'b&  8P!T rسl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a9deh**hr@+ r E'b&  8P!r@+ rسl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**hbSr E'b&  8P!bSrسY@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hcN_r E'b&  8P!cN_rسY@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h}Gr E'b&  8P!}Grسm Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hZTr E'b&  8P!ZTrسm Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hI̵r E'b&  8P!I̵rسYpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h|ڵr E'b&  8P!|ڵrسYpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hr E'b&  8P!rسmd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &actih**hҋ'r E'b&  8P!ҋ'rسmd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Roh**x'r E'b&  8P!!j'rس ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a01c1aea-57a9-44c2-8743-04544dbb94ab Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = dbb69a80-26d1-460d-b9f8-7bac03644d85 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  x**hnǶr E'b&  8P!nǶrسnlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hնr E'b&  8P!նrسnlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hթr E'b&  8P!թrسMZh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aPh**hrr E'b&  8P!rrسMZh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aPh**h{պr E'b&  8P!{պrسnhL Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h 0r E'b&  8P!0rسnhL Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**x!hKr E'b&  8P!!jhKrسsoh !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 789a8f9c-b7a3-45de-b8ec-2d45802e1401 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 874e4440-3bcc-4bd3-8e73-d22a77a94a20 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**h"er E'b&  8P!erسZ "Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**h#qr E'b&  8P!qrسZ #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**h$ۻr E'b&  8P!ۻrسp @$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a6beh**h%nr E'b&  8P!nrسp @%Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**h&Lr E'b&  8P!LrسmpH &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**h'p[r E'b&  8P!p[rسmpH 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**h(වr E'b&  8P!වrسnp h(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at h**h)7r E'b&  8P!7rسnp h)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at hӘM E'b&  8Pt-jrس5q *Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ԘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-00h**h՘o E'b&  8P!oسSh ՘Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**h֘9o E'b&  8P!9oسc H ֘Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onfh**hטyEo E'b&  8P!yEoسc H טMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rCoh**hؘsco E'b&  8P!scoسc ؘMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**h٘no E'b&  8P!noسc ٘Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & hommand Type  E'b&  8P PjoسS  ژMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @sage = System error. ">rs E'b&  8P!!j">rsسs>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 27cd63a1-033b-4cb8-9674-6115107a153f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c601d35f-8f92-4257-b259-5f6d51b25a70 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. t E'b&  8P!>tسLw, @WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aandh**hX:&t E'b&  8P!:&tسLw, @XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &asofh**hYxit E'b&  8P!xitس`T YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adulh**hZ "wt E'b&  8P! "wtس`T ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aecth**h[7t E'b&  8P!7tسw [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h\{t E'b&  8P!{tسw \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x]t E'b&  8P!!jtسw t]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4f87dfb7-97b1-4521-a54f-3f96d376b2bd Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6ca5fccb-93c8-47c5-8c42-f5c3930ff554 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**h^Bt E'b&  8P!Btسw4^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**h_}Nt E'b&  8P!}Ntسw4_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**h`kt E'b&  8P!ktسdax`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a9deh**havt E'b&  8P!vtسdaxaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**xbt E'b&  8P!!jtس*bx bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b2793755-d0a2-4025-a069-bd477937db7c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e71d32da-fcaa-4fe1-b271-826875241bdf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hc Ft E'b&  8P! Ftس,b(cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hdt E'b&  8P!tس,b(dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**he:t E'b&  8P!:tسb| PeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hf$Et E'b&  8P!$Etسb| PfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hg]t E'b&  8P!]tسbLgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hh=lt E'b&  8P!=ltسbLhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hiv E'b&  8P!>vسg(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hKv E'b&  8P!Kvسg(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**xv E'b&  8P!!jvس}0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 752d49db-be63-41dc-83a3-68f801c80b6c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 56acbc93-8f67-4dc3-ada8-298931a70db2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. xv E'b&  8P!>xvسiLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hԨv E'b&  8P!Ԩvسi X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hov E'b&  8P!ovسi X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a w E'b&  8P!> wس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h9w E'b&  8P!9wسiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hM&w E'b&  8P!M&wسiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hyFw E'b&  8P!yFwس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hTw E'b&  8P!Twس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**xʟw E'b&  8P!!jʟwسҀ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0e1621f2-52c3-4ee9-a07b-bd51318db148 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ef62a017-1ae5-417e-97b1-d9f4fd038d99 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hpw E'b&  8P!pwسi 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hw E'b&  8P!wسi 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hRxdw E'b&  8P!Rxdwس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**how E'b&  8P!owس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aath**hNϧw E'b&  8P!Nϧwسjt Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aandh**h%ߧw E'b&  8P!%ߧwسjt Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &asofh**hKKx E'b&  8P!KKxسCkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adulh**h{2Kx E'b&  8P!{2KxسCkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aecth**hnQx E'b&  8P!nQxس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hmZQx E'b&  8P!mZQxس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hRx E'b&  8P!RxسhkT  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hk Rx E'b&  8P!k RxسhkT  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xLRx E'b&  8P!!jLRxسFT ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7506345b-7ce7-435d-a567-c70c7cffe401 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 76528310-3447-4610-b277-42c58e91ffa7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. irx**hݲRx E'b&  8P!ݲRxس&l@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a9deh**hȾRx E'b&  8P!ȾRxس&l@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**h:(Sx E'b&  8P!:(Sxس| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h4Sx E'b&  8P!4Sxس| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h)x E'b&  8P!)xس΂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hMx E'b&  8P!Mxس΂Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hx E'b&  8P!xسmh`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hx E'b&  8P!xسmh`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hmx E'b&  8P!mxس낧Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hmx E'b&  8P!mxس낧Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h x E'b&  8P! xس|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h!x E'b&  8P!!xس|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**x:2x E'b&  8P!!j:2xسn Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 64ad7de1-bff8-41ad-bc7b-ea91ce4dcdf0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cfd47003-7a1b-4cb5-828d-71b39b77670f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h)x E'b&  8P!)xس6X  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aPh**hcx E'b&  8P!cxس6X  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aPh**hOy E'b&  8P!OyسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h™˔\y E'b&  8P!˔\yس™Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hÙy E'b&  8P!yسnÙMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hę:y E'b&  8P!:yسnęMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xřky E'b&  8P!!jkyس2řMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1add243d-4f64-4eae-84ee-afef3293d825 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 544a3fac-e00f-4dea-8f53-d045bee960fc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. irx**hƙ-y E'b&  8P!-yس3 ƙMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a6beh**hǙ):y E'b&  8P!):yس3 ǙMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**hșXy E'b&  8P!Xyس? șMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**həsdy E'b&  8P!sdyس? əMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**xʙXy E'b&  8P!!jXyس ʙMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fb6acb9a-a09c-49ab-aab9-9ec7b0ec2e15 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 81b9792e-6144-4a4d-be31-f7f9f0f8a8e3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ^3} E'b&  8P!^3}سM4 >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &fΗ E'b&  8P!>Ηس xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h/ E'b&  8P!/س xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hEN E'b&  8P!ENس tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h>+ E'b&  8P!>+س tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h"U E'b&  8P!"Uس?h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h2A) E'b&  8P!2A)س?h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hG E'b&  8P!GسH0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hXT E'b&  8P!XTسH0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**x$yƴ E'b&  8P!!j$yƴسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 28515f56-5872-4d4c-b53b-17f94150f2cd Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b5d06551-59ec-4333-8dbd-47d8f81c2c0b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hXⴀ E'b&  8P!Xⴀس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hI E'b&  8P!Iس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hY E'b&  8P!Yس$xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**he E'b&  8P!eس$xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hWX E'b&  8P!WXسG ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hҜ"X E'b&  8P!Ҝ"XسG ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h ` E'b&  8P! `سM tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hi` E'b&  8P!i`سM tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hm` E'b&  8P!m`سN,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h< a E'b&  8P!< aسN,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hRa E'b&  8P!RaسTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hu5aa E'b&  8P!u5aaسTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xa E'b&  8P!!jaس\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 08940fdc-f900-44a6-8915-78065535bf17 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = dba89773-84ed-4982-b601-b53e479fd187 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h0Ab E'b&  8P!0AbسddMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hP-b E'b&  8P!P-bسddMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h2f E'b&  8P!2fسtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hf E'b&  8P!fسtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hjEg E'b&  8P!jEgسH L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hK<&g E'b&  8P!K<&gسH L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xc@g E'b&  8P!!jc@gسjH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fe66c3ee-a6d3-4ceb-bb28-c32810731d5b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 15821d02-794a-4703-bd18-12d54d9f077d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hQ_g E'b&  8P!Q_gسl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hg E'b&  8P!gسl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hyt(h E'b&  8P!yt(hسס( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h`4h E'b&  8P!`4hسס( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h1k E'b&  8P!1kسH $ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h@k E'b&  8P!@kسH $ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hak E'b&  8P!akسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h[qk E'b&  8P![qkسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xk E'b&  8P!!jkسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 57817676-c0d3-466e-aa71-93e6fabf784d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 64179a9f-ff72-402d-8476-3d654b9d4157 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**hI l E'b&  8P!I lس0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hY5l E'b&  8P!Y5lس0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h7l E'b&  8P!7lسl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hEl E'b&  8P!Elسl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x0l E'b&  8P!!j0lسlx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 007be5cd-d4bc-4a9f-9162-4f4568207eeb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5c6d0f0a-ac0b-4674-aceb-420ec58d954c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hl E'b&  8P!lسlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hl E'b&  8P!lسlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hm E'b&  8P!mس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hom E'b&  8P!omس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hU)m E'b&  8P!U)mس# \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h% 7m E'b&  8P!% 7mس# \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h2QKm E'b&  8P!2QKmس, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h=Wm E'b&  8P!=Wmس, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hZ1 E'b&  8P!Z1سg< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hw > E'b&  8P!w >سg< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hN; E'b&  8P!N;سxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hJ E'b&  8P!JسxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hLg E'b&  8P!Lgس4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h5u E'b&  8P!5uس4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**x E'b&  8P!!jسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4c0dec1d-acd7-4d13-a3e2-98b26948e692 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 91c734bf-a2ae-41e9-9122-085c13d74205 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hE E'b&  8P!Eس4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hšb E'b&  8P!bس4 šMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hÚ E'b&  8P!سRlÚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hĚH E'b&  8P!HسRlĚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hŚwƂ E'b&  8P!wƂسj ŚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hƚg Ƃ E'b&  8P!g Ƃسj ƚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hǚn т E'b&  8P!n тسå ǚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hȚ/т E'b&  8P!/тسå ȚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hɚ 7т E'b&  8P! 7тسͥ ɚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hʚBт E'b&  8P!Bтسͥ ʚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**x˚9т E'b&  8P!!j9тسN 8˚Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = afdd7109-86eb-4fe5-999d-1f666d76fc74 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = aff6f383-073b-44a0-b68f-c68b4e3cac9f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**h̚т E'b&  8P!тسP(̚Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h͚qт E'b&  8P!qтسP(͚Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hΚK҂ E'b&  8P!K҂سϦXHΚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hϚY҂ E'b&  8P!Y҂سϦXHϚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &quehe Number = 1 E'b&  8P Shell ID = Microsoft.PowerShell Error Message = System error. x 8PPrational ElfChnkКК`J -0(=f?mMF&**XКITEp E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!ITEpسL,КMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hњSp E'b&  8P!SpسL,њMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hҚWx E'b&  8P!Wxس{4ҚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hӚx E'b&  8P!xس{4ӚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hԚHE=y E'b&  8P!HE=yسէ <ԚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h՚Ky E'b&  8P!Kyسէ <՚Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**h֚y E'b&  8P!yسX ֚Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hך0y E'b&  8P!0yسX ךMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**@ؚNz E'b&  8P!jNzسX ؚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7dceee25-3e85-4b39-8d7f-c4fe805e7749 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cc379ba3-a7fa-47bd-874b-ef9ac2bb23c6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hٚUCz E'b&  8P!UCzسːٚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hښAOz E'b&  8P!AOzسːښMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**hۚ܏{ E'b&  8P!܏{س䨧 ۚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**hܚ(՜{ E'b&  8P!(՜{س䨧 ܚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**hݚy{ E'b&  8P!y{س樧0 $ ݚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**hޚJ{ E'b&  8P!J{س樧0 $ ޚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xߚO| E'b&  8P!!jO|س0 <ߚMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 76a5a56e-005f-46a1-b13b-02744edb7173 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e05183ae-e054-44dd-8255-1703091aace2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. c-x**h<w| E'b&  8P!<w|سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hx| E'b&  8P!x|سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hm| E'b&  8P!m|س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h| E'b&  8P!|س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**x9} E'b&  8P!!j9}سS Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9f3920d8-0cb3-43c2-a7d7-d55620be25f9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 71ba02f5-c7d6-402b-a031-5839b7bc416c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ꣠ E'b&  8P!꣠س >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h?4 E'b&  8P!4سn<?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h@= E'b&  8P!=سD@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hAũ E'b&  8P!ũسn<AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hBYƩ E'b&  8P!YƩسDBMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hCu E'b&  8P!uس=CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hD  E'b&  8P! س=DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xEdt E'b&  8P!!jdtس,EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b41195bd-93bc-46f4-b34c-2647e4dd083f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 606e0d9c-0fc1-42c7-b255-80b7f1ccf9af Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hF- E'b&  8P!-س , FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hG{ͪ E'b&  8P!{ͪس , GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hHd; E'b&  8P!d;س9,HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hI6I E'b&  8P!6Iس9,IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hJg E'b&  8P!gس1l JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hKs E'b&  8P!sس1l KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xL㮇 E'b&  8P!!j㮇سLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 20eb2397-c6ae-44c8-8b2c-72ffb24d753e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e051f1c1-a62e-45ed-8ac9-e01127fa1a05 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**hM E'b&  8P!سW MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hN  E'b&  8P! سW NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hO=y E'b&  8P!=yسd OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hP( E'b&  8P!(سd PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hQ  E'b&  8P! س~ QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hR E'b&  8P!س~ RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hS? E'b&  8P!?س"4 SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hTN E'b&  8P!Nس"4 TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**xU0 E'b&  8P!!j0س4 L UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 20d3aac8-8648-49b8-9c1a-741fa990dbeb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1a5d37e0-da36-47ce-a4c6-1061e52f2f0d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**hVⲇ E'b&  8P!ⲇس÷X VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rsh**hWp E'b&  8P!pس÷X WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hX2 E'b&  8P!2س̷DXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hY E'b&  8P!س̷DYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**xZ~ E'b&  8P!!j~س͡DZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5b23357d-0b5e-40c0-ab43-79371d3f5471 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 250b8549-ef6d-4d9e-bb7f-b30c0cc3ac23 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**h[ E'b&  8P!س[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nth**h\Ş E'b&  8P!Şس\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h]F&ݳ E'b&  8P!F&ݳس ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h^-鳇 E'b&  8P!-鳇س ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h_Ŧ E'b&  8P!ŦسT _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h`  E'b&  8P! سT `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**ha E'b&  8P!س aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hbdx% E'b&  8P!dx%س bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hcm\ E'b&  8P!m\س cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hd\K\ E'b&  8P!\K\س dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**he:Se E'b&  8P!:Seسࢧ eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hf,e E'b&  8P!,eسࢧ fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hgLe E'b&  8P!Leس䢧<gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hh ]e E'b&  8P! ]eس䢧<hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**xi|x E'b&  8P!>xس\ DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h E'b&  8Pt-Windows-PowerShell/Operational &h 8PPrational ElfChnkVVD(=f?mMF&**X'My E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!'Myس㬧 @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hG_y E'b&  8P!G_yس㬧 @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h' E'b&  8P!'س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h' E'b&  8P!'س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hh* E'b&  8P!h*سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hپ* E'b&  8P!پ*سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**h&* E'b&  8P!&*سl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**h&* E'b&  8P!&*سl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**@m+ E'b&  8P!jm+سul Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 453c3feb-8a94-4ff2-90e4-ee42ef0a0d2c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2f1e0678-40ee-42e9-aecf-93bbecf1187e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -@**h+ E'b&  8P!+سMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h ͗+ E'b&  8P!͗+س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**h ^, E'b&  8P!^,س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**h  , E'b&  8P! ,س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**h .8ҋ E'b&  8P!.8ҋسů0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Sh**h Fҋ E'b&  8P!Fҋسů0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h6fڋ E'b&  8P!6fڋس\§PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h7vڋ E'b&  8P!7vڋس\§PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hڋ E'b&  8P!ڋس]§<4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h¥ڋ E'b&  8P!¥ڋس]§<4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hQڋ E'b&  8P!Qڋسү8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h6{ڋ E'b&  8P!6{ڋسү8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**x Mۋ E'b&  8P!!j MۋسMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cb42fed8-03ea-4017-a33c-9ec5a01804e6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 581ab21f-6586-4fe7-a890-264ebf630ac9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hۋ E'b&  8P!ۋسçMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h*iۋ E'b&  8P!*iۋسçMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h~~݋ E'b&  8P!~~݋س䰧LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hIj݋ E'b&  8P!Ij݋س䰧LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hԔ݋ E'b&  8P!Ԕ݋سMç tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h3݋ E'b&  8P!3݋سMç tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xz'ދ E'b&  8P!!jz'ދس-ħ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6974ce09-1b98-4486-90ca-cda8609cee5f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1da88d25-83cf-4b8f-89e7-eeb2398f1e75 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h@Fދ E'b&  8P!@Fދس.ħ  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**h>Uދ E'b&  8P!>Uދس.ħ  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hދ E'b&  8P!ދسd0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hNދ E'b&  8P!Nދسd0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h ϖ~ E'b&  8P!ϖ~سL Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h!M' E'b&  8P!M'سL!Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h" E'b&  8P!سT  "Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h# E'b&  8P!سT  #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**x$3 E'b&  8P!!j3س#T $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c579e813-2d73-4f94-bc7f-300fd84a1dad Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b82a1294-c0ff-432a-bd1b-4fc5d358ccfa Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!>س D0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &۾h**h1 E'b&  8P!س D1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ͩh**h2Wf E'b&  8P!Wfسǧ ,2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ͩh**h3S s E'b&  8P!S sسǧ ,3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h4_: E'b&  8P!_:سy< |4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h5ڛ E'b&  8P!ڛسy< |5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &өh**h6ax E'b&  8P!axس}ǧ( 6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &өh**h7ɖ E'b&  8P!ɖس}ǧ( 7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &٩h**x84I E'b&  8P!!j4Iس<ȧX 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 052317c9-4633-4ddc-9624-6ca8d0f94085 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ff09a578-b253-4224-ad6c-49ce7a902b39 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h9f E'b&  8P!fسl 9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h:s E'b&  8P!sسl :Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h;헌 E'b&  8P!헌سc8 ;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h<  E'b&  8P! سc8 <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h=5@ E'b&  8P!5@سȧ =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h>LC@ E'b&  8P!LC@سȧ >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h?%]I E'b&  8P!%]Iس5P ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h@PmI E'b&  8P!PmIس5P @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hAnI E'b&  8P!nIس-ɧ AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hB߼I E'b&  8P!߼Iس-ɧ BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xCJ E'b&  8P!!jJسɧ@CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d89d969e-598f-4e92-b044-067d3239a019 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ce91488e-48f1-43d7-a059-d92ac41b69d2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. erx**hDw2J E'b&  8P!w2Jسc tDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hE AJ E'b&  8P! AJسc tEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hF6J E'b&  8P!6JسFʧ FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hG`J E'b&  8P!`JسFʧ GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hHox E'b&  8P!oxسʧHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hIT  E'b&  8P!T سʧIMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hJ E'b&  8P!س|JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hK4 E'b&  8P!4س|KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hLON E'b&  8P!ONسʧ 4LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hM9\ E'b&  8P!9\سʧ 4MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hNw6 E'b&  8P!w6س趧\NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**hO E'b&  8P!س趧\OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &werh**xPD# E'b&  8P!!jD#س>PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 962f982e-1713-4945-9371-d7a73e11e68c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ec3210c5-966c-4af6-82c4-973e6d696568 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 00x**hQP E'b&  8P!PسBh X QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**hR\ E'b&  8P!\سBh X RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onfh**hS^  E'b&  8P!^ سqSMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rCoh**hTy E'b&  8P!yسqTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & igh**hUNA E'b&  8P!NAس XUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hVP E'b&  8P!Pس XVMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r Mhsage = Syste E'b&  8Pjسl  WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ell/Operational &h**h>x E'b&  8P!>xس\ DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h E'b&  8Pt-Windows-PowerShell/Operational &h 8PPrational ElfChnkWW`RgG(P=f?mMF&a**W E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jسl  WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 68da431c-0a6f-47b5-86c3-1ebb9669f4ac Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5559d6f9-5730-4f9b-8874-a1f9331c91fc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. c **XBU E'b&  8P9!BUس˧XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(ce**hY E'b&  8P!س˧YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hZh E'b&  8P!hس˧ D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h[9# E'b&  8P!9#س˧ D [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**x\dґ E'b&  8P!!jdґسļ 4\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 93a4135c-65db-48a2-87f3-d1e6da36a58a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e6c74c42-ab5d-42d4-9040-9a7ec526d8de Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. F E'b&  8P!>Fس 㧖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PPrational ElfChnkYY`=Mw(=f?mMFQ&**XTMF E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!TMFس 㧖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hƎ`F E'b&  8P!Ǝ`Fس㧖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hϝuF E'b&  8P!ϝuFس㧖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h`F E'b&  8P!`Fسʧ0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hTF E'b&  8P!TFسʧ0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**@, G E'b&  8P!j, Gس㧖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Qp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7c1f62f9-51c5-4f5e-a075-a2af3d1d9480 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = edb0bd53-043d-42c8-814c-e5e60eb1d726 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hGG E'b&  8P!GGس㧖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**hjUG E'b&  8P!jUGس㧖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**h KXsG E'b&  8P!KXsGسK˧d  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**h ;DG E'b&  8P!;DGسK˧d  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-h**x gzG E'b&  8P!!jgzGس̧d 4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b1e6552d-9c2d-493e-869d-63830943e425 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ad212af7-8cf0-4dba-85ca-c16973bb98e4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. B E'b&  8P!>BسΧ#Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h$cVP E'b&  8P!cVPسΧ$Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h%m E'b&  8P!mس秖 %Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h&`y E'b&  8P!`yس秖 &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**x' E'b&  8P!!jس觖 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e8b7acd7-4e23-42d4-bf14-2e4f8a77710c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9d859523-7aae-46f5-92c4-71b29dc41850 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. B] E'b&  8P!B]سv駖 h >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h? N] E'b&  8P! N]سv駖 h ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**x@j] E'b&  8P!!jj]س꧖ @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 59c697d0-0a6b-4844-9bb9-2bdea182609b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cad9ad21-9644-4a5e-aa95-9c1024ff3a53 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. F E'b&  8P!j—س\ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@P! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PPrational ElfChnkZZ`Gt(P=f?mMF&a**Z— E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j—س\ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ce36f14d-b61b-45b1-b868-2555b7029012 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7214ad24-590b-4f3f-9407-ece5f9764ab9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**[— E'b&  8P9!—سg֧Lh[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h\u× E'b&  8P!u×سg֧Lh\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h]Ru× E'b&  8P!Ru×سVH ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h^A× E'b&  8P!A×سVH ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h_{Vd E'b&  8P!{Vdسק _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`dd E'b&  8P!ddسק `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**ha,m E'b&  8P!,mسm, aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hb:m E'b&  8P!:mسm, bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hc=m E'b&  8P!=mسn  cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-h**hdoLm E'b&  8P!oLmسn  dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**he:xm E'b&  8P!:xmسקeMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hfZm E'b&  8P!ZmسקfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**xgw n E'b&  8P!!jw nسT淪TgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 984e58ee-771a-4f2b-9475-3c1e5d149e19 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bec45798-2d27-4370-a397-c89ff9d92331 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hhׂ7n E'b&  8P!ׂ7nسU淪$hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hinCn E'b&  8P!nCnسU淪$iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hjp E'b&  8P!pسfاdjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hkp E'b&  8P!pسfاdkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hl p E'b&  8P! pس淪d d lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hmR q E'b&  8P!R qس淪d d mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**xn~q E'b&  8P!!j~qس٧d nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ebf5f5ac-596a-4782-910f-2d77c7ebaeca Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 409440ca-f409-4e35-aa76-96d18e2f3c5d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**ho4q E'b&  8P!4qسX oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hplq E'b&  8P!lqسX pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hqiq E'b&  8P!iqس$qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hroq E'b&  8P!oqس$rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**xs_Ur E'b&  8P!!j_Urس$sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 695a90a9-b4d5-43ba-914d-13dd89dad9eb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 25075588-5b4f-4ead-9651-cd9b950f425b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n< E'b&  8P!j>n<سr  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d404d362-10f4-4380-b10d-1bef8941c5d1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5302ff45-a768-42a9-9d68-d7f61e9ccef1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h < E'b&  8P! <سs x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h,< E'b&  8P!,<سs x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h@Ag= E'b&  8P!@Ag=س৖t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**ht= E'b&  8P!t=س৖t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h$O E'b&  8P!$Oس|᧖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h5Z E'b&  8P!5Zس|᧖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h1 E'b&  8P!1س᧖ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h4 E'b&  8P!4س᧖ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h E'b&  8P!سt  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h5 E'b&  8P!5سt  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**x+ E'b&  8P!!j+س!t Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a67c7664-ffdd-49a7-991b-ff6d001e914b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cbab4fce-0cb7-48ea-9922-1968779584a7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hÝ E'b&  8P!س⧖ ÝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hĝw E'b&  8P!wس⧖ ĝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hŝ_2 E'b&  8P!_2س⧖`T ŝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hƝd= E'b&  8P!d=س⧖`T ƝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hǝj-U E'b&  8P!j-UسM㧖 ǝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hȝCa E'b&  8P!CaسM㧖 ȝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hɝ|* E'b&  8P!|*سh ( ɝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hʝY: E'b&  8P!Y:سh ( ʝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h˝Ξ E'b&  8P!Ξس;x ˝Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h̝ݞ E'b&  8P!ݞس;x ̝Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h͝p E'b&  8P!pس? ͝Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hΝ( E'b&  8P!(س? ΝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**xϝZ E'b&  8P!!jZس ϝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5af9a089-b323-4735-ae98-503608b074dc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4e5da52d-448e-488c-8a69-7590daf76713 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hН@Jʟ E'b&  8P!@Jʟس НMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hѝƅ՟ E'b&  8P!ƅ՟س ѝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hҝvi E'b&  8P!viس㧖 xҝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hӝS E'b&  8P!Sس㧖 xӝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hԝg࡜ E'b&  8P!g࡜س ԝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h՝Y로 E'b&  8P!Y로س ՝Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x֝IT E'b&  8P!!jITس䧖 ֝Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a040820e-b6be-48dc-b3cf-a9fa337734c2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 17974950-bdd0-48da-ab45-508500dec406 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hםo E'b&  8P!oس 䧖 0 םMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h؝n{ E'b&  8P!n{س 䧖 0 ؝Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hٝ?A E'b&  8P!?Aسw䧖| PٝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hڝ4- E'b&  8P!4-سw䧖| PڝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h۝E¹ E'b&  8P!E¹س^ ۝Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hܝǤ E'b&  8P!Ǥس^ ܝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hݝq卵 E'b&  8P!q卵س䧖 ݝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hޝ E'b&  8P!س䧖 ޝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xߝ]p E'b&  8P!!j]pسV | ߝMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 67e2d018-63f7-4655-b690-e7b19e0f3be2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3cddfc9d-b7e7-4776-9c66-d8a145820681 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h5 E'b&  8P!5س姖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h! E'b&  8P!!س姖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hƼ E'b&  8P!Ƽسb Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h Υ E'b&  8P! Υسb Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**x9I4 E'b&  8P!!j9I4سE 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e2195739-3515-49f0-ace3-eaa796ea9926 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 91da392c-e850-48e8-a5f5-4437feb845ca Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h P E'b&  8P! Pس姖0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h\ E'b&  8P!\س姖0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h(Ԉ E'b&  8P!(Ԉس8姖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h<Ǖ E'b&  8P!<Ǖس8姖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hk E'b&  8P!kس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hR` E'b&  8P!R`س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h;kͦ E'b&  8P!;kͦسX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h/`٦ E'b&  8P!/`٦سX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hP E'b&  8P!PسM Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h()P E'b&  8P!()PسM Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hg+W E'b&  8P!g+WسS槖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hyW E'b&  8P!yWسS槖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h+W E'b&  8P!+Wس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hyX E'b&  8P!yXس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**xwX E'b&  8P!!jwXسp Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3dac3c09-c166-4837-a770-8ce9910c60b0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7a63806f-7aab-4759-8ecf-4a14fef34b24 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h ĒX E'b&  8P! ĒXسi槖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hX E'b&  8P!Xسi槖Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h Y E'b&  8P! Yس\  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h׏Y E'b&  8P!׏Yس\  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h/G E'b&  8P!/Gس秖4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hS3 E'b&  8P!S3س秖4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hs0  E'b&  8P!s0 س秖L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hҪ  E'b&  8P!Ҫ س秖L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h  E'b&  8P! سkX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h  E'b&  8P! سkX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xJ  E'b&  8P!!jJ سX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0a29c8ef-d210-4bd2-81ac-cb8c39a6e3fa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d13f95f3-d3e9-4bd4-b2c1-8fe2f156a210 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hsfh  E'b&  8P!sfh س觖0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hEu  E'b&  8P!Eu س觖0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hA  E'b&  8P!A سa \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hy  E'b&  8P!y سa \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h E'b&  8P!س駖@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PPrational ElfChnkXXXp]2(T=f?mMF!&**XN E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!Nس駖@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h E'b&  8P!س駖`4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hG E'b&  8P!Gس駖`4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h䥶 E'b&  8P!䥶سd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hܱ E'b&  8P!ܱسd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h a E'b&  8P!aسhh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**h [M E'b&  8P![Mسhh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**@ 0t E'b&  8P!j0tسh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !p;)(A?ToData= ContextInfo A'T=UserData A%T=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d377bb25-10b6-4860-ba08-970c9a9a3d4b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2366c6fe-ee2d-4a4e-a9de-03953923289d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h  E'b&  8P!س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**h 0 E'b&  8P!0س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h{0 E'b&  8P!{0س&  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**hs5> E'b&  8P!s5>س&  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**h}c E'b&  8P!}cس( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**hr E'b&  8P!rس( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x亞 E'b&  8P!!j亞س Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e56fa823-95cb-4ff2-91fc-885c96a2f07a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 11cb0032-d750-40df-81e2-a18bb0c6e447 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 7-x**h@ E'b&  8P!@سH맖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hO E'b&  8P!OسH맖 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**h(; E'b&  8P!(;سI맖h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hxI E'b&  8P!xIسI맖h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**xK E'b&  8P!!jKس맖h hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 25833dff-274b-45e2-8522-f3a83f8d65f7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9c6cc0d6-8a10-4400-9266-b6a76ec46bb5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!kQ>س}$,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h-;  E'b&  8P!; س  -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h.  E'b&  8P! س  .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h/W(<  E'b&  8P!W(< س D|/Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h0vJ  E'b&  8P!vJ س D|0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &inh**x1]  E'b&  8P!!j] سq Dd 1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7a7fd1af-5750-40b5-b958-602ed1b33467 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f1907d1d-ebcd-417b-b2c8-962a7eaca838 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h2#  E'b&  8P!# سl 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h3  E'b&  8P! سl 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h4]d! E'b&  8P!]d!س'淪L4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h5?p! E'b&  8P!?p!س'淪L5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h6/Š E'b&  8P!/Šس+  6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h7} Ơ E'b&  8P!} Ơس+  7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h8GΠ E'b&  8P!GΠس0  8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h9Ϡ E'b&  8P!Ϡس淪t9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h:z Ϡ E'b&  8P!z Ϡس0  :Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h;_Ϡ E'b&  8P!_Ϡس淪t;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h<LϠ E'b&  8P!LϠس0 <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h= *YϠ E'b&  8P! *YϠس0 =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**x>{Ϡ E'b&  8P!!j{Ϡس | >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d04e77c9-00d4-48b1-939a-1698837eed7d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8aae38d7-ed3b-41b1-a4bd-583876877316 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h?tpР E'b&  8P!tpРس4d ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h@LР E'b&  8P!LРس4d @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hA=Р E'b&  8P!=Рسf AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hBKР E'b&  8P!KРسf BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hCР E'b&  8P!Рس CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hD"Ѡ E'b&  8P!"Ѡس DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**xEwuѠ E'b&  8P!!jwuѠس? EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0963f4e0-cce5-4f93-a082-302f5fbf315f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 404c10b0-79ce-440c-90d1-1d10ca2932a4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hFkѠ E'b&  8P!kѠس FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hGWѠ E'b&  8P!WѠس GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hHѠ E'b&  8P!ѠسH  HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hI{eѠ E'b&  8P!{eѠسH  IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**xJ@Ҡ E'b&  8P!!j@Ҡس $JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 57e86c00-90a0-494d-951e-a9f4867f3612 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 36b77a83-2eb3-43a2-b4b4-c27d8c0e8e11 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!!j->س ߞMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fdadeb1f-084c-4f58-b60f-8bf912befa30 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c97b3df4-5389-4415-acd3-d4f965fca84e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h.Mk E'b&  8P!.Mkس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h8w E'b&  8P!8wس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hDB E'b&  8P!DBس%< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h E'b&  8P!س%< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h E'b&  8P!س" Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h E'b&  8P!س" Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x E'b&  8P!!jس#Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3043627f-bde2-4973-9f9a-a4e2c7a716b0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2f93accf-87c9-458c-9553-2671e768a09d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  x**h E'b&  8P!س#<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h E'b&  8P!س#<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h E'b&  8P!س( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h E'b&  8P!س( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x+T E'b&  8P!!j+Tس)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8124f19a-24a2-471e-bc86-bcad9a7e0635 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 391a86ae-467c-4e21-b143-c6c195f9314c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hq E'b&  8P!qس+Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsth**h} E'b&  8P!}س+Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aFirh**h E'b&  8P!سBMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aa99h**h}d E'b&  8P!}dسBMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aUseh**hѝ E'b&  8P!ѝسY$ 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h E'b&  8P!سY$ 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h@ E'b&  8P!@س\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hU E'b&  8P!Uس\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hR$˧ E'b&  8P!R$˧س$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aH h**h;1˧ E'b&  8P!;1˧س$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aH h**h:ͧ E'b&  8P!:ͧس%, |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**hͧ E'b&  8P!ͧس%, |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aLh**h EΧ E'b&  8P! EΧسs4 | Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h0Χ E'b&  8P!0Χسs4 | Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x9Χ E'b&  8P!!j9Χس4 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 365c793c-f2bd-4d13-8bfd-26e8a2d4f50d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 04a0fb10-efa9-438a-84f5-e6ef6a818263 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 70bd31fe-e17a-4780-88d0-6892779cfb94 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4c908245-f00a-43d4-a98b-305ee4f86002 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**h*Y2 E'b&  8P!*Y2س,)T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**he2 E'b&  8P!e2س,)T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h~3 E'b&  8P!~3سf  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hO3 E'b&  8P!O3سf  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h|3 E'b&  8P!|3سm  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hh3 E'b&  8P!h3سm  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x|4 E'b&  8P!!j|4سX* Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5affb636-339d-4df8-9735-e618ef4c0c1d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5d5d665c-3565-41c3-9f6d-c8bb13c8d285 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hn;4 E'b&  8P!n;4س} 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hZG4 E'b&  8P!ZG4س} 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hj4 E'b&  8P!j4س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hŁ4 E'b&  8P!Ł4س  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hR7 E'b&  8P!R7س* Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h7 E'b&  8P!7س* Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h PM 8 E'b&  8P!PM 8س/  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h!18 E'b&  8P!18س/ !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**x"A8 E'b&  8P!!jA8س+|"Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0167d3ba-673a-4ce2-a948-89734cfddf1f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1cd14c43-d5c9-46b1-ba49-70f3fae7ab63 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h#8 E'b&  8P!8س+\ #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h$؛8 E'b&  8P!؛8س+\ $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h%T8 E'b&  8P!T8س+ %Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h&Z8 E'b&  8P!Z8س+ &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**x'K9 E'b&  8P!!jK9س , 'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a383d0cd-3690-404c-96ca-2662a3c67f62 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d086a1d4-0d35-4ddc-8ab2-a8e6c9989606 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tix**h(Bf9 E'b&  8P!Bf9س  (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Roh**h) q9 E'b&  8P! q9س  )Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h*9 E'b&  8P!9س p *Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &essh**h+9 E'b&  8P!9س p +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h,J89 E'b&  8P!J89س,  ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**h-ȑ9 E'b&  8P!ȑ9س  -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**h.ȑ9 E'b&  8P!ȑ9س,  .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h/ 9 E'b&  8P! 9س  /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h0ɬ E'b&  8P!ɬسz- 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h1,ե E'b&  8P!,եسz- 1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h2X E'b&  8P!Xس  2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h32 E'b&  8P!2س  3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h4/E E'b&  8P!/Eس-4 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h5S) E'b&  8P!S)س-4 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**x6N E'b&  8P!!jNس  6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dde2a5b9-f65d-46b1-a0dc-b61d806078c0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = dbd2445c-42ef-4131-b7f1-cba32c36d38d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h7 E'b&  8P!س  7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h8 E'b&  8P!س  8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h99 E'b&  8P!9س. T9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h:E E'b&  8P!Eس. T:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h;Cd E'b&  8P!Cdسk 0;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h<٣r E'b&  8P!٣rسk 0<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h=) E'b&  8P!)س  =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h> E'b&  8P!س  >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h?❪ E'b&  8P!❪س/?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h@ E'b&  8P!س/@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xAzb E'b&  8P!!jzbس0DAMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c6ce2f3e-976c-49a7-a6cf-66c8a3730aeb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = df946e63-16ed-4a8a-b399-003b63355b78 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hB~ E'b&  8P!~س BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hC  E'b&  8P! س CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hD E'b&  8P!س&1hDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hE E'b&  8P!س&1hEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hFY? E'b&  8P!Y?سb1,|FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hGj@ E'b&  8P!j@سb1,|GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hHWI E'b&  8P!WIسe1 tHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hI#I E'b&  8P!#Iسe1 tIMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hJ8I E'b&  8P!8Iس JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hKEI E'b&  8P!EIس KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hL`cI E'b&  8P!`cIسz1 DLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hMxpI E'b&  8P!xpIسz1 DMMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xNVI E'b&  8P!!jVIس'2 NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 86f19faf-a3d4-427d-9bd8-1eda018a2697 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 62115f48-862b-4717-8d88-2809da88e90f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hO J E'b&  8P! Jسv OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hP J E'b&  8P! Jسv PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hQJ E'b&  8P!JسQMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hRJ E'b&  8P!JسRMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hSJ E'b&  8P!JسX SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hTQ K E'b&  8P!Q KسX TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &quehe Number = 1 E'b&  8P Sj}Kس3X  UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P!/Χس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PPrational ElfChnkUUPDq5ô(P=f?mMF&a**U}K E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j}Kس3X  UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c7278756-1594-4342-85f3-e32cdb14ee46 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 377dbb7b-2ae9-4b90-9ec5-90574bae3d34 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ac **VK E'b&  8P9!Kس3 p VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(d **hWK E'b&  8P!Kس3 p WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hXK E'b&  8P!Kس34 TXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hYI@K E'b&  8P!I@Kس34 TYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**xZEL E'b&  8P!!jELس4 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 45b36f40-2396-4545-8672-f0f9cfa94ef6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 35cf63f7-a9ac-44ee-8a12-fa7bcd381e67 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d E'b&  8P!>dس 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hyZLd E'b&  8P!yZLdس 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hnd E'b&  8P!ndس9 h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h d E'b&  8P! dس9 h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h!C6h E'b&  8P!!C6hس9 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h]Eh E'b&  8P!]Ehس9 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hfoh E'b&  8P!fohس0 LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h ah E'b&  8P! ahس0 LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x=$h E'b&  8P!!j=$hس: Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 36c2a795-6a67-4ccd-808c-0e2a6c90104a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c738b775-fea3-49d2-b9d4-b474607e9f50 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hV"i E'b&  8P!V"iسhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hR0i E'b&  8P!R0iسhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h8[i E'b&  8P!8[iس: Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hވgi E'b&  8P!ވgiس: Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**xi E'b&  8P!!jiس; X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = de482254-7c65-4ccc-aee6-8a4daa602224 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c8306db8-d821-4a22-96be-636c324bb928 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!Y>س7(L d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h E'b&  8P!س7(L d Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h{ E'b&  8P!{س[( 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h?g' E'b&  8P!?g'س[( 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h]I E'b&  8P!]IسM) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hZ E'b&  8P!ZسM) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h.ꪳ E'b&  8P!.ꪳسT) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h L E'b&  8P! LسT) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hb6 E'b&  8P!b6سU) 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h 4  E'b&  8P!4 سU) 4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h!Ub; E'b&  8P!Ub;سLT!Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h"i H E'b&  8P!i HسLT"Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**x#?ī E'b&  8P!!j?īس)T$ #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 756ad052-2c49-4ef7-b335-ca04c8fa1101 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ba00abfb-a4bb-4f33-b2fd-1d288c2dc0b4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Rox**h$ E'b&  8P!سM $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h% E'b&  8P!سM %Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aessh**h& E'b&  8P!س*&Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a } h**h'y3 E'b&  8P!y3س*'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ain3h**h(K&ʭ E'b&  8P!K&ʭسNT(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Wih**h)֭ E'b&  8P!֭سNT)Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a } h**x*E E'b&  8P!!jEس*T *Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a3ddc60f-f309-4916-b92d-a1885f4cae2c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 897d670b-7dc6-4761-b1a7-e26add7c3a41 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**h+a E'b&  8P!aس* +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h,m E'b&  8P!mس* ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h-"ڮ E'b&  8P!"ڮسN-Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h.S害 E'b&  8P!S害سN.Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h/j E'b&  8P!jسN /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h0Mu E'b&  8P!MuسN 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h1@ E'b&  8P!@س+0 1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h2, E'b&  8P!,س+0 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x3h0 E'b&  8P!!jh0سO0 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 28af240b-674b-4dfc-9e1b-2b20ef7c556e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 78cef3e9-0130-4a6a-b6db-9a4d7bd0dc95 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h4> E'b&  8P!>سO| 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h5FJ E'b&  8P!FJسO| 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeIh**h6Hg E'b&  8P!Hgس+8 D6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h7s E'b&  8P!sس+8 D7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**x8@ߵ E'b&  8P!!j@ߵسTP8 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 210e97a0-d806-4ae2-9418-35f0adaeb5bf Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = de2b277a-0f22-43e4-a001-cc851b858af7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. a-x**h9e- E'b&  8P!e-س,<4 9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**h:F E'b&  8P!Fس,<4 :Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h;T8 E'b&  8P!T8سs, L ;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h<FD E'b&  8P!FDسs, L <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h=*[ E'b&  8P!*[سPL =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h>j E'b&  8P!jسPL >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h?Z݀ E'b&  8P!Z݀س,(?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h@  E'b&  8P! س,(@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hAZ] E'b&  8P!Z]سP AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hBW] E'b&  8P!W]سP BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeIh**hCPvg E'b&  8P!Pvgس- HCMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hDg E'b&  8P!gس- HDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hEizg E'b&  8P!izgسlQLEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hFg E'b&  8P!gسlQLFMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h  E'b&  8P!jž+hسQLGMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h5. E'b&  8P!5.س# Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Schpt Name =  E'b&  8Pumj سG L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hO J E'b&  8P! Jسv OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hP J E'b&  8P! Jسv PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hQJ E'b&  8P!JسQMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hRJ E'b&  8P!JسRMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hSJ E'b&  8P!JسX SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hTQ K E'b&  8P!Q KسX TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &quehe Number = 1 E'b&  8P Sj}Kس3X  UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P!/Χس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PPrational ElfChnkGG ]C,(P=f?mMF&a**Gž+h E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jž+hسQLGMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 045182cb-4d82-46d9-9ee0-6e0ce6558364 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a5db9b0d-817e-45eb-89f3-5339d1cacb0c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ac **H|Gh E'b&  8P9!|Ghس^.\HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(d **hI1Th E'b&  8P!1Thس^.\IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hJeZh E'b&  8P!eZhس.,JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hKh E'b&  8P!hس.,KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hLr  E'b&  8P!r سRXLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hM E'b&  8P!سRXMMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hNC E'b&  8P!Cس/NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hOPUQ E'b&  8P!PUQس/OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hPm E'b&  8P!mسR4PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hQuy E'b&  8P!uyسR4QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xR E'b&  8P!!jس`04RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0f0d16a3-33fd-4c00-8c5e-6f09e84f2206 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 464f6e50-15bb-412c-b504-1abd20bb5169 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 74 0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hZF E'b&  8P!ZFس>74 0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hf E'b&  8P!fس\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hQt E'b&  8P!Qtس\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Schpt Name =  E'b&  8Pumj4س]x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hO J E'b&  8P! Jسv OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hP J E'b&  8P! Jسv PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hQJ E'b&  8P!JسQMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hRJ E'b&  8P!JسRMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hSJ E'b&  8P!JسX SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hTQ K E'b&  8P!Q KسX TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &quehe Number = 1 E'b&  8P Sj}Kس3X  UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P!/Χس Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah 8PPrational ElfChnkP/3(P=f?mMF&a**4 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j4س]x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c0904e97-2d99-46b9-a99e-9a76284c15f8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b9415967-f021-4372-ad2f-4186c03a9073 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ac **H E'b&  8P9!Hس]@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(d **h-4  E'b&  8P!-4 س]@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**h] E'b&  8P!]سz^ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h E'b&  8P!سp7 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h E'b&  8P!سp7 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h*] E'b&  8P!*]س{^  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h> E'b&  8P!>س{^  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**xZ E'b&  8P!!jZس8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d6e31c11-58d5-4edc-85cd-302ce7a83448 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3fb983d7-d851-4833-b77e-849034e7705b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**h< E'b&  8P!<س^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hPҍ E'b&  8P!Pҍس^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hun E'b&  8P!unس_HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hC+ E'b&  8P!C+سN> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hVu E'b&  8P!Vuس>8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeIh**hf^ E'b&  8P!f^س>8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h죯 E'b&  8P!죯س il Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hv E'b&  8P!vس il Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**x ( E'b&  8P!!j (سiMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 59a2a56c-3b4c-4c80-add0-8b44eaa242f4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9e4dabb2-c940-415a-8f8c-434a999b39da Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x 8PPrational ElfChnk44x3(=f?mMF&**XZG E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!ZGس> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hFS E'b&  8P!FSس> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**heȰ E'b&  8P!eȰسj`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hװ E'b&  8P!װسj`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**h r0 E'b&  8P! r0EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h^1 E'b&  8P!^1EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**h? E'b&  8P!?E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hW/? E'b&  8P!W/?E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**@:@ E'b&  8P!j:@EL<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ceadd6c8-b797-4d8e-be66-79cf10b39d1f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b2711b3b-a3f0-4245-a333-947e80ab10a4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h@ E'b&  8P!@E, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h<@ E'b&  8P!<@E, Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h7B E'b&  8P!7BE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hn) C E'b&  8P!n) CE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h{F&C E'b&  8P!{F&CET ` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h1C E'b&  8P!1CET ` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**xyC E'b&  8P!!jyCET p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5e3fcf9c-7e88-4c7f-9d0c-971e0db72c32 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bd141e9e-1987-461b-86ee-ae279812d467 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hn L E'b&  8P!n LE 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hZL E'b&  8P!ZLE 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**-L E'b&  8P]!j-LE8 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ce6f5bcd-62ce-406d-9e8c-01c268a366fe Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-udnlyrsw.pm1.ps1 Engine Version = 4.0 Runspace ID = 30eaae5e-e215-4d2e-ae5d-88f52c159b4b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **h9L E'b&  8P!9LEP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hEL E'b&  8P!ELEP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Eh**x!L E'b&  8P!!j!LETMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 325f32cc-b3ab-46c9-beaa-374678b1d690 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7dbe9ac9-73ea-4d68-be98-47bd2bd7af19 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h9L E'b&  8P!9LEV Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hf%L E'b&  8P!f%LEV Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hVBO E'b&  8P!VBOEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hANO E'b&  8P!ANOEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &725h**hJiO E'b&  8P!JiOE <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h wO E'b&  8P! wOE <Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**x{O E'b&  8P!!j{OE2  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6b367d25-9102-496f-844f-f96d3dd18f83 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f38b11c2-d35f-44a6-ba82-27d12be95828 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hVZ E'b&  8P!VZE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hԿbZ E'b&  8P!ԿbZE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hI e E'b&  8P!I eE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h :e E'b&  8P!:eE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h BUe E'b&  8P!BUeE%H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h T.ae E'b&  8P!T.aeE%H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**x e E'b&  8P!!jeEx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d3aa2a8e-13b0-4a35-bd26-62f0653e13af Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8b8feb99-986b-4716-823a-aa9884018835 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. elx**h f E'b&  8P!fE0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hSNf E'b&  8P!SNfE0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h h E'b&  8P! hET Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hIh E'b&  8P!IhET Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hi E'b&  8P!iExT Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hi E'b&  8P!iExT Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xqi E'b&  8P!!jqiExMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 535c8f76-cc65-4b07-afa0-2dcc44a640f6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0f5dd2be-ba22-42dc-8d64-f28612786b0e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 00x**h)i E'b&  8P!)iEptMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & cah**hi E'b&  8P!iEptMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &worh**h?j E'b&  8P!?jE<DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**hPj E'b&  8P!PjE<DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**x%j E'b&  8P!!j%jE < Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a1833dc1-89b2-4fd8-8941-079f39ea742a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 24070303-75fe-4430-9ddd-3e93bd0b6e2b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rix**hgj E'b&  8P!gjEx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etAh**hj E'b&  8P!jEx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &'00h**hͻj E'b&  8P!ͻjE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & cah**h_j E'b&  8P!_jE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &worh**hj E'b&  8P!jEbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**hTj E'b&  8P!TjEbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**h^1k E'b&  8P!^1kE;<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**h qs E'b&  8P!sEH \>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**@? t E'b&  8P!j tEH  ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Yp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f7b16ac8-7775-4bd0-9a33-402992c53961 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 710001b0-0fce-4339-8459-c828130d9d8d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n@**h@D"8t E'b&  8P!D"8tE8, @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hAtDt E'b&  8P!tDtE8, AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hB6y E'b&  8P!6yE T BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hCnDy E'b&  8P!nDyE T CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hDL{ly E'b&  8P!L{lyEjDMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hE]|y E'b&  8P!]|yEjEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**xFy E'b&  8P!!jyEFMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 31848d37-117c-4745-8eb6-ce33658fea46 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 70498ba5-b0c0-45f0-ad8a-6d450b03284c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hGfz E'b&  8P!fzEt GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hH z E'b&  8P! zEt HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**hI>8z E'b&  8P!>8zE IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hJ*Dz E'b&  8P!*DzE JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xKQz E'b&  8P!!jQzE  KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b6e91eb9-3af2-4a77-8b45-120740f6901b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = de5e3020-95e5-42c8-8540-9c7e2557f30b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hLz E'b&  8P!zE < LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hMz E'b&  8P!zE < MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hNb{ E'b&  8P!b{E  HNMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hOv{ E'b&  8P!v{E  HOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hP +{ E'b&  8P! +{E}D PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hQq7{ E'b&  8P!q7{E}D QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hRc7I{ E'b&  8P!c7I{E  RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hSպS{ E'b&  8P!պS{E  SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hTi1% E'b&  8P!i1%E < TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hU C% E'b&  8P! C%E < UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hVH, E'b&  8P!H,E VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hWV, E'b&  8P!V,E WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hXZJu, E'b&  8P!ZJu,E  XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hY, E'b&  8P!,E  YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**xZo, E'b&  8P!!jo,E  ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 60115552-cfcb-4e1b-81f4-60953c362eaa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 41e903c1-d314-4ae6-b2d5-862da1f51976 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h[c- E'b&  8P!c-E  [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h\O"- E'b&  8P!O"-E  \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h]6- E'b&  8P!6-ET]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**h^- E'b&  8P!-ET^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h_aؾ E'b&  8P!aؾE- _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**h`:ؾ E'b&  8P!:ؾE- `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**ha1$߾ E'b&  8P!1$߾EkaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hb}-߾ E'b&  8P!}-߾EkbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hcM߾ E'b&  8P!M߾E> cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hdW[߾ E'b&  8P!W[߾E> dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**xeV߾ E'b&  8P!!jV߾EP `eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 130de0c9-f649-48e1-8cb4-6b32378428a3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7b1c12ca-8d12-483f-898b-11c999f21bcb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hfV߾ E'b&  8P!V߾ETfMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hg ߾ E'b&  8P! ߾ETgMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hhnq E'b&  8P!nqE hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hi7{} E'b&  8P!7{}E iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hjbO E'b&  8P!bOEjMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hk E'b&  8P!EkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**hlTъ E'b&  8P!TъE80lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &6b0h**hmJ>܊ E'b&  8P!J>܊E80mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**hn+ E'b&  8P!+ED TnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**ho7 E'b&  8P!7ED ToMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hp"t E'b&  8P!"tEXdP pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hq ˀ E'b&  8P! ˀEXdP qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xr` E'b&  8P!!j`Esd(rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6a2b5b3b-97ab-4e57-8469-0d2f6d71ae49 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b96e86c0-e722-4664-8e81-f6a82e5a2b5f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. OUx**hs5! E'b&  8P!5!ElsMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**htY!- E'b&  8P!Y!-EltMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**huǿ葿 E'b&  8P!ǿ葿EhHuMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hvë E'b&  8P!ëEhHvMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hw7 E'b&  8P!7E , wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hx E'b&  8P!E , xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xyb E'b&  8P!!jbEO yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 65fca0b2-b03b-4d58-b603-541aa4cac38a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c83fee39-5b20-41ac-87f0-99e815f14c9c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hzL E'b&  8P!LE:zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**h{9 E'b&  8P!9E:{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**h| E'b&  8P!ESHd|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**h}r) E'b&  8P!r)ESHd}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h~  E'b&  8P! E ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**h E'b&  8P!E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**h> E'b&  8P!>E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &74bh**hM E'b&  8P!ME Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**x E'b&  8P!!jEHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c5141ce4-ec51-4a84-b59f-78a86edf05aa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 37cfb354-ad70-4f08-8110-b2f0e23b7840 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Hox**h╿ E'b&  8P!╿EE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**h E'b&  8P!EE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hr  E'b&  8P!r EQ8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hS E'b&  8P!SEQ8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adaher.MacAddres E'b&  8P-0j~TE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cc6b8302-756c-495d-8fb3-4599a452c224 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tcx**h3Nyzϼ E'b&  8P!NyzϼET 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**h4eϼ E'b&  8P!eϼET 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh Error Mes E'b&  8Prational ElfChnk`,{iS(P=f?mMF&a**~T E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j~TE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 290ef86c-4824-4981-968c-94162a47fc5c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e1463db7-daf1-46a8-be24-a1b507b347af Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ID **)q E'b&  8P9!)qE84Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(f **h%] E'b&  8P!%]E84Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**hږ E'b&  8P!ږE'XdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**h閿 E'b&  8P!閿E'XdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h E'b&  8P!Ez ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h E'b&  8P!Ez ( Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hB& E'b&  8P!B&E  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h 2 E'b&  8P! 2E  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h6{= E'b&  8P!6{=E @ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hy= E'b&  8P!y=E @ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anh**h~fH E'b&  8P!~fHE)\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h(H E'b&  8P!(HE)\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h-kFH E'b&  8P!-kFHE= H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hQTH E'b&  8P!QTHE= H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**xHH E'b&  8P!!jHHE H$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fa6fe448-9fad-427f-85aa-86f5c97456ca Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 68ebe78b-7d83-4973-b827-f018c4a4f202 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hH E'b&  8P!HE8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h.H E'b&  8P!.HE8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -h**h!I E'b&  8P!!IEh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hI E'b&  8P!IEh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aWinh**h -P E'b&  8P! -PE 0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hP E'b&  8P!PE 0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h&r E'b&  8P!&rEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hN E'b&  8P!NEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h E'b&  8P!E4` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h E'b&  8P!E4` Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hL E'b&  8P!LE@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h=$ E'b&  8P!=$E@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xe" E'b&  8P!!je"E @ tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 75d36002-0d9e-4856-ab37-459ffe4542b8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 59822d50-4242-46e8-a27b-44b29592010a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h] E'b&  8P!]E P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hWI E'b&  8P!WIE P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hz. E'b&  8P!z.Ek 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hF< E'b&  8P!F<Ek 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hoh**hk E'b&  8P!kE Td Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aExeh**h | E'b&  8P! |E Td Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h*B E'b&  8P!*BEHH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**h.QQ E'b&  8P!.QQEHH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**hb E'b&  8P!bEv Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hh E'b&  8P!hEv Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h,@ E'b&  8P!,@E T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hO E'b&  8P!OE T Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xBƤ E'b&  8P!!jBƤE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0b1b81d3-b2fe-4778-9917-fa40da76525e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = af7bebcf-925a-4acb-be28-e38c63802345 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h6 E'b&  8P!6E PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**hjf E'b&  8P!jfE PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**hR٬ E'b&  8P!R٬E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arouh**h E'b&  8P!E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hd"  E'b&  8P!d" E 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aelsh**h E'b&  8P!E 8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a} h**x" E'b&  8P!!j"E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c44ad33b-32da-46bf-a1c6-252d87f0b89f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b288393a-dda7-4300-b105-f7904007cebc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h E'b&  8P!E\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**h; E'b&  8P!;E\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**h< ߭ E'b&  8P!< ߭E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arouh**h\ E'b&  8P!\E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x)VY E'b&  8P!!j)VYE  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a29bde48-1b88-4ef6-8d9d-c24d89328792 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1003dd78-be47-4782-b218-d2b97190c3b6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h v E'b&  8P! vEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hQ E'b&  8P!QEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hL E'b&  8P!LEP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hq E'b&  8P!qEP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h2ٮ E'b&  8P!2ٮE hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h¡= E'b&  8P!=E h¡Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**háW E'b&  8P!WE | áMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hġ E'b&  8P!E | ġMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aOUh**hšGV E'b&  8P!GVEv0H šMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hơV E'b&  8P!VEv0H ơMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hǡ|_ E'b&  8P!|_E{( ǡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hȡh_ E'b&  8P!h_E{( ȡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hɡZ` E'b&  8P!Z`EɡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hʡ` E'b&  8P!`EʡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xˡ` E'b&  8P!!j`EcˡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8ede6bba-6261-404d-9d10-c964747995e7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e3769bdf-708a-4bcd-b267-df6206f0a856 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**h̡X%` E'b&  8P!X%`E `̡Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**h͡c` E'b&  8P!c`E `͡Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**hΡl'a E'b&  8P!l'aEΡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arouh**hϡA3a E'b&  8P!A3aEϡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hСUH E'b&  8P!UHE 0 СMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aelsh**hѡR E'b&  8P!RE 0 ѡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a} h**hҡ E'b&  8P!E ҡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a74bh**hӡ E'b&  8P!E ӡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aROUh**hԡN E'b&  8P!NE ԡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hաf E'b&  8P!fE աMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**x֡{n E'b&  8P!!j{nE\p ֡Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3d340093-f681-4eec-925f-156073461d19 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cb727ed3-e357-46e7-a18f-25fa414de64d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hסځ E'b&  8P!ځE` סMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &auteh**hء& E'b&  8P!&E` ءMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aadah**h١2 E'b&  8P!2Ec8١Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hڡ E'b&  8P!Ec8ڡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hۡ@{ E'b&  8P!@{E4 ۡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aelsh**hܡUw E'b&  8P!UwE4 ܡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a} h**hݡ E'b&  8P!ElݡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ac22h**hޡ E'b&  8P!ElޡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aROUh**hߡ E'b&  8P!EI  HߡMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hJ E'b&  8P!JEI  HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahicrosoft-Win E'b&  8PwerShell/Operational &helh Error Mes E'b&  8Prational ElfChnk00`Sre(L =f?mMF &**Xtq6 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!tq6E(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h]B E'b&  8P!]BE(xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**@ E'b&  8P!jEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?L oData= ContextInfo A'L =UserData A%L =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1b705399-7748-4052-9ece-e6fcbe3c090e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3f5776d0-8ad3-4702-a10c-dc7ecf0cb8a2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h: E'b&  8P!:E H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**h E'b&  8P!E H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h E'b&  8P!Ev  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hh E'b&  8P!hEv  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h E'b&  8P!Ee HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**h' E'b&  8P!'Ee HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**x7z, E'b&  8P!!j7z,Ep! Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5d609ecc-3c0c-4608-9f0a-9ef5263af2fb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0521edd3-451c-4076-8ff7-6c4d30a5f504 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hkNG E'b&  8P!kNGEr! 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hT E'b&  8P!TEr! 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hV E'b&  8P!VE(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h E'b&  8P!E(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h6 E'b&  8P!6E" Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hD E'b&  8P!DE" Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ach**hi E'b&  8P!iE3"h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hP)y E'b&  8P!P)yE3"h Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & -h**x E'b&  8P!!jET Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = de5995c3-b43c-4df9-82ac-835ab498f27e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6b930a4b-810c-435c-abf7-b7835024b7c6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 6-x**ha E'b&  8P!aE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**h E'b&  8P!E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hg+8 E'b&  8P!g+8E# Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hyF E'b&  8P!yFE# Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**x; E'b&  8P!!j;E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = bc5dbeea-8184-4502-9d20-ca51b399dd19 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fe9277da-3f7c-410a-a36c-1897bd76c4b8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. A E'b&  8P!>AE#P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &fS o E'b&  8P!S oEt>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h?;ݑ E'b&  8P!;ݑE ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h@Ol E'b&  8P!OlE @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hAxq9 E'b&  8P!xq9E#xAMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hB9 E'b&  8P!9E#xBMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hCNzmC E'b&  8P!NzmCE- T CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hDB|C E'b&  8P!B|CE- T DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hEwC E'b&  8P!wCE{8 EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hFC E'b&  8P!CE{8 FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xGӴD E'b&  8P!!jӴDEo. GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b9dd0564-6a11-41b4-94bb-aac9f67875c1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ec906d9e-4d1a-4361-84a6-958cb403d2a0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hHZP6D E'b&  8P!ZP6DEs.4 HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hICAD E'b&  8P!CADEs.4 IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hJSݮD E'b&  8P!SݮDE JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hKHɺD E'b&  8P!HɺDE KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hLd E'b&  8P!dE" LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hM2 E'b&  8P!2E" MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hND E'b&  8P!DE/ NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hO礢 E'b&  8P!礢E/ OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hPC͇ E'b&  8P!C͇Ep PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hQS E'b&  8P!SEp QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hRM E'b&  8P!ME60\ RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hS  E'b&  8P! E60\ SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**xT7e\ E'b&  8P!!j7e\E0\ H TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d6c5f842-680b-4309-a124-a9197a9d9362 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 886450a9-e491-4948-80f5-452991a0ccb7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hU5׌ E'b&  8P!5׌E0D UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hVØ E'b&  8P!ØE0D VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hW7V E'b&  8P!7VE 1 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hXm E'b&  8P!mE 1 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hY E'b&  8P!E1D YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hZ-; E'b&  8P!-;E1D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x[ E'b&  8P!!jE4  [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 52a26494-5b8d-4194-ae19-3dd4861e9fc9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 299c12b6-5750-43c3-8c43-8995af3d20b6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h\n E'b&  8P!nE1 \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h]a E'b&  8P!aE1 ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h^ E'b&  8P!E= ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h_ E'b&  8P!E= _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**x`]_G E'b&  8P!!j]_GEc2`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d6c00782-5280-4179-b4ef-d19d98b5fcae Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 79399b42-609a-48fb-9979-5163499b52fa Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**hajc E'b&  8P!jcEd2 \ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &inh**hb-o E'b&  8P!-oEd2 \ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc E'b&  8P!E2 cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hd E'b&  8P!E2 dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**heU E'b&  8P!UE-! (eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hf E'b&  8P!E2X fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hg< E'b&  8P!<E-! (gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hhg E'b&  8P!gE2X hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hi|d E'b&  8P!|dET! iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hjmpr E'b&  8P!mprET! jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hk( E'b&  8P!(E3tkMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hlw E'b&  8P!wE3tlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hm E'b&  8P!E! mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hn E'b&  8P!E! nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xos E'b&  8P!!jsE4oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c80ea518-73e6-469f-8bfd-96952d225597 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 31e0b0dc-b64a-47b9-8ded-4e80ef4e6938 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hp! E'b&  8P!!E4pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hq렷 E'b&  8P!렷E4qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hrE)" E'b&  8P!E)"Ei"HL rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hs. E'b&  8P!.Ei"HL sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**ht16R E'b&  8P!16RE5D tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**huBR E'b&  8P!BRE5D uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hv5M[ E'b&  8P!5M[EP6 vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hwӛ[ E'b&  8P!ӛ[EP6 wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hx3[ E'b&  8P!3[E" ( xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hyd[ E'b&  8P!d[E" ( yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xzI]\ E'b&  8P!!jI]\E6 (zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 555732c8-b39e-4705-97b8-6d958b01b1ee Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d88e3a96-723d-44f8-a592-00621f8116f9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h{d?y\ E'b&  8P!d?y\E6L{Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h|\ E'b&  8P!\E6L|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h}q\ E'b&  8P!q\E# }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h~/ ] E'b&  8P!/ ]E# ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h E'b&  8P!E# 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h@ E'b&  8P!@E# 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hM  E'b&  8P!M E#L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h] E'b&  8P!]E#L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h E'b&  8P!E8 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h E'b&  8P!E8 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h= E'b&  8P!=E$  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h QK E'b&  8P! QKE$  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**x E'b&  8P!!jEb$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a6b8673e-6edc-4afb-8391-5d7ff202d05f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 12678224-b46b-4526-b7b9-0d731606325d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**h E'b&  8P!Ef$8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hy E'b&  8P!yEf$8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h; E'b&  8P!;ES9 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h  8Prational ElfChnkߢߢXL]$( =f?mMF &**XHI E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!HIES9 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h$m E'b&  8P!$mE$\@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h{ E'b&  8P!{E$\@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**@P. E'b&  8P!jP.EP:\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A? oData= ContextInfo A' =UserData A% =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 402b4195-4011-4771-afcd-b5cfe6105de7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3b552d63-caf5-46e0-9e6c-e3c13cd30727 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h  E'b&  8P! E$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**h  E'b&  8P! E$ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**ho6  E'b&  8P!o6 E$l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hB  E'b&  8P!B E$l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**xT  E'b&  8P!!jT E%l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d5150d68-796a-4f3c-a38c-da46e5611cc4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 733908dd-0a64-4d60-abae-2bba44da1fc2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hP&n E'b&  8P!P&nEa> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hJEn E'b&  8P!JEnE'4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hfSn E'b&  8P!fSnE'4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x+n E'b&  8P!!j+nE(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e2eb7a1a-e532-4db7-9b45-925201cb38f4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 489351b8-fda9-4b84-a5c0-08e3e77b04f6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h@n E'b&  8P!@nE(l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hn E'b&  8P!nE(l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h(^o E'b&  8P!(^oE) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hq-jo E'b&  8P!q-joE) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h3qD E'b&  8P!3qDEI)( \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hͿR E'b&  8P!ͿREI)( \ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & -h**hMLx E'b&  8P!MLxEN) (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h E'b&  8P!EN) (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h`,6 E'b&  8P!`,6E? Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hC E'b&  8P!CE? Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h E'b&  8P!E) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h ڒ E'b&  8P! ڒE) Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**xl E'b&  8P!!jlEY* Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e33550b6-2f9e-4028-a4d8-22e604eb8c26 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 13d12e35-0190-43a6-93a8-cb13515d5111 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h/ E'b&  8P!/E\* Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h; E'b&  8P!;E\* Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h  E'b&  8P! E@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h  E'b&  8P! E@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h! E'b&  8P!!E* xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h¢! E'b&  8P!!E* x¢Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**xâ! E'b&  8P!!j!E*  âMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ae316c61-edfc-4a23-b554-cdf9fdb3706c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0da0bdb5-67c8-4e22-b4aa-5ef4c3d6b01a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hĢ ɢ! E'b&  8P! ɢ!EMA ĢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hŢh! E'b&  8P!h!EMA ŢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hƢ$l" E'b&  8P!$l"E+ƢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hǢ," E'b&  8P!,"E+ǢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hȢ-J' E'b&  8P!-J'EzAȢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hɢMɿ' E'b&  8P!Mɿ'EzAɢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hʢ6' E'b&  8P!6'E+ ʢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hˢ(' E'b&  8P!('E+ ˢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**x̢)[( E'b&  8P!!j)[(E, ̢Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 069e8574-255d-49bb-9ccf-11d67f4fe24b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fbcabc47-fd0f-4880-ba99-fff98b4b19e1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h͢( E'b&  8P!(E, ͢Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h΢y( E'b&  8P!y(E, ΢Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hϢ( E'b&  8P!(EB ϢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hТ( E'b&  8P!(EB ТMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**xѢb+") E'b&  8P!!jb+")Ee- ѢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e098425d-e611-46ee-88fc-249d452f7b3d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 29e30582-17ea-496b-9b1a-bd3b1a992566 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. W E'b&  8P!WE7 >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ab4-h**h?.W E'b&  8P!.WE7 ?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**x@QTX E'b&  8P!!jQTXES @Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 348166f0-e0fa-47e0-aca0-ec9b79971b36 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b69e8674-6bb8-4e0e-bb08-3dc310031e1c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 2-x**hArX E'b&  8P!rXESx| AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hB~X E'b&  8P!~XESx| BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hCX E'b&  8P!XE#T| CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hD&X E'b&  8P!&XE#T| DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hEnxX E'b&  8P!nxXE@8\EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hF"X E'b&  8P!"XE@8\FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hGX E'b&  8P!XEA8 GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hH8eX E'b&  8P!8eXEA8 HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hI* E'b&  8P!*E8 IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hJK9 E'b&  8P!K9E8 JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSch**hK  E'b&  8P! EUtx KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a9-h**hL  E'b&  8P! EUtx LMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hM7  E'b&  8P!7 E#9 MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hNΆ'  E'b&  8P!Ά' E#9 NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**xO  E'b&  8P!!j EVOMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 834e479e-8ede-4a51-ae6e-a5273c7ee8ad Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3f4e8ac2-2f14-4569-9128-100458d646b6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hPE  E'b&  8P!E E VT PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hQ  E'b&  8P! E VT QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-nh**hRx1  E'b&  8P!x1 E898 RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hSrd=  E'b&  8P!rd= E898 SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hTUp E'b&  8P!UpEW TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hU E'b&  8P!EW UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hV"Ѽ E'b&  8P!"ѼEWT VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW>ȼ E'b&  8P!>ȼEWT WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hX~ E'b&  8P!~E9 h XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hY E'b&  8P!E9 h YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xZW` E'b&  8P!!jW`E-: xZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8e9413e8-7ecb-4033-b55c-e2f6deae05fe Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 99107d19-7442-4934-9456-3e85c6ec85f2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h[)| E'b&  8P!)|EdX  [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h\I  E'b&  8P!I EdX  \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h]+w  E'b&  8P!+w E^: ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h^l E'b&  8P!lE^: ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h_Ym^ E'b&  8P!Ym^EY| $ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h`^ E'b&  8P!^EY| $ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**haf E'b&  8P!fEY` aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hbwf E'b&  8P!wfEY` bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hc"h E'b&  8P!"hE7;cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hd%0h E'b&  8P!%0hE7;dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hePmh E'b&  8P!PmhEY,eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hf{h E'b&  8P!{hEY,fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xg{h E'b&  8P!!j{hEjZ,gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d411526e-33c9-4b7f-86b5-387a48ce4627 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f38f780d-acbb-48ed-add7-b92e80378504 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hhKi E'b&  8P!KiE;hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hi7)i E'b&  8P!7)iE;iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hj rj E'b&  8P! rjEZ@ T jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**hk/~j E'b&  8P!/~jEZ@ T kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hlMj E'b&  8P!MjEZlMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hm5j E'b&  8P!5jEZmMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**xnPk E'b&  8P!!jPkE< nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2c2e5e79-06ad-4fe5-9b22-40b15abc1b61 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 29ea2078-feee-4bf5-86cb-9e5872582146 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hoBk E'b&  8P!BkE<L oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hpGNk E'b&  8P!GNkE<L pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a {h**hqmk E'b&  8P!mkE<( qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hr|k E'b&  8P!|kE<( rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**xshk E'b&  8P!!jhkE<( sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e7843422-491f-451a-9206-0affb9de4619 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6ac33455-99c0-4548-aebe-3d44450d2b57 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 1-x**htel E'b&  8P!elE[0 \ tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**huyl E'b&  8P!ylE[0 \ uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hvqGl E'b&  8P!qGlE[ x vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hwPUl E'b&  8P!PUlE[ x wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hx1nl E'b&  8P!1nlE[xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hyp{l E'b&  8P!p{lE[yMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hz*l E'b&  8P!*lE[ , zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h{ܐl E'b&  8P!ܐlE[ , {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h| E'b&  8P!E= |Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h}E E'b&  8P!EE= }Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &afb-h**hl E'b&  8P!lEj> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**hv E'b&  8P!vEv> 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hӳ E'b&  8P!ӳEv> 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h0]"PR E'b&  8P!j; E] | Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h19_R E'b&  8P!9_REP( 1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hݢc E'b&  8P!jFREQ( 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hޢ E'b&  8P!E{C0 ޢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hߢ E'b&  8P!E{C0 ߢMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach E E'b&  8P12jFxE)DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @pt Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**h E'b&  8P!Ef$8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hy E'b&  8P!yEf$8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h; E'b&  8P!;ES9 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h  8Prational ElfChnkӣӣ(%MkG(P=f?mMF&a**;  E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j; E] | Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 49301c55-f2fc-4b97-8eb9-ae857c82e41b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 181386a8-6cca-45d6-8e96-759a2bbe3dbf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ura**88< E'b&  8P9!88<E]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(ma**hP$H E'b&  8P!P$HE]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hɺ E'b&  8P!ɺE> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h E'b&  8P!E> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**hk E'b&  8P!kE? Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hv E'b&  8P!vE? Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**hM E'b&  8P!ME^ @ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hY E'b&  8P!YE^ @ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hzw E'b&  8P!zwE?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hܛ E'b&  8P!ܛE?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xl E'b&  8P!!jlE_8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0333d7f0-54ee-4cd0-a824-c201da119788 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9890e5bb-543d-4324-83ee-4a0b96a29ef7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. S E'b&  8P!!j>SEA Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cc1839d9-df7e-4ce1-a80f-2bdb388b7dc3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 18dc0ee8-a962-40a4-a11d-2317719e224b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. EMx**hޅ E'b&  8P!ޅEa xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h d E'b&  8P! dEa xMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h > E'b&  8P! >E b Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hl** E'b&  8P!l**E b Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hZH E'b&  8P!ZHE>BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hoV E'b&  8P!oVE>BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**xCd E'b&  8P!!jCdEb Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1d1634cc-373a-4435-9256-aca30664f087 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2cfa2df5-9c8c-49ba-ab1e-05f887a91703 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. =x**hհك E'b&  8P!հكEbxT Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h E'b&  8P!EbxT Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ($h**hV E'b&  8P!VEB Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h e E'b&  8P! eEB Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTEMh**hDt܅ E'b&  8P!Dt܅EB, `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hl E'b&  8P!lEB, `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hUg  E'b&  8P!Ug EBx  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hĂ E'b&  8P!ĂEBx  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**x E'b&  8P!!jEfCx lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = faf7b94e-2b9a-4ea3-a1de-8995b74e2ef1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 08c15162-4c10-4373-984c-bf6954aa0227 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rex**h۩ E'b&  8P!۩EhC0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h9ᵆ E'b&  8P!9ᵆEhC0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aMach**hՆ E'b&  8P!ՆEtCD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad th**hО E'b&  8P!ОEtCD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ag =h**xoM E'b&  8P!!joME7DD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c6bd80c6-b61f-414b-8b2d-92dfa680988e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e18fdcb7-c8b9-46f5-81ab-0ad08bb0a641 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. e x**hc j E'b&  8P!c jEd $ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anPoh**h,v E'b&  8P!,vEd $ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aPreh**hg E'b&  8P!gEdTD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h;鹇 E'b&  8P!;鹇EdTD Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aMach**h8DՇ E'b&  8P!8DՇEElMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad th**hD E'b&  8P!DEElMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ag =h**hY E'b&  8P!YEE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hE E'b&  8P!EEE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ($h**h#  E'b&  8P!# Efe Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hk  E'b&  8P!k Efe Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTEMh**h| 2 E'b&  8P!| 2E?E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h£02 E'b&  8P!02E?E £Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hãyN8 E'b&  8P!yN8Ee| ãMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hģN:8 E'b&  8P!N:8Ee| ģMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hţH 9 E'b&  8P!H 9EE` ţMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hƣ!49 E'b&  8P!!49EE` ƣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hh**xǣ,9 E'b&  8P!!j,9E(f` ǣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8412bf72-0da2-4d6d-a2a0-998f507b3a75 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a8e4700e-d4cf-4cdc-9eb8-8c3147d8dea0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**hȣ{9 E'b&  8P!{9E,f< ȣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hɣ9 E'b&  8P!9E,f< ɣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hʣC:: E'b&  8P!C::Efd ʣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hˣCG: E'b&  8P!CG:Efd ˣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**ḥ E'b&  8P!E|F(8̣Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hͣI E'b&  8P!IE|F(8ͣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hΣ2q E'b&  8P!2qEF ΣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hϣ[ E'b&  8P![EF ϣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hУ E'b&  8P!EG УMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**hѣ\ E'b&  8P!\EG ѣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**xңBo E'b&  8P!!jBoEh ңMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 08c50411-e1e5-4462-a1a3-787856162f3d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 670367e9-6b3b-4938-a705-494fb5e962a9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hӣZU E'b&  8P!ZUEhӣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h8Ps-Pow E'b&  8P/Operational &h  8Prational ElfChnkԣ*ԣ*(r6(=f?mMF&**XԣA E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!AEhԣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hգe E'b&  8P!eECG` գMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h֣ E'b&  8P!ECG` ֣Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hףRn E'b&  8P!RnE#jףMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hأv;} E'b&  8P!v;}E#jأMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h٣ E'b&  8P!E|G `٣Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hڣ븗 E'b&  8P!븗E|G `ڣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hۣ E'b&  8P!Ejjx ۣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**hܣr E'b&  8P!rEjjx ܣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**hݣEҘ E'b&  8P!EҘEGd ݣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hޣޘ E'b&  8P!ޘEGd ޣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**@ߣ'^ E'b&  8P!j'^ErHH ߣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e0137a6c-33c9-4c2f-a83f-25a5bac7b1ab Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 27728ed0-6c5e-47be-ad5d-b77147bd2f89 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h4 E'b&  8P!4EsHD  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hDH E'b&  8P!DHEsHD  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h_H E'b&  8P!_HEH(DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h W E'b&  8P! WEH(DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h"~ E'b&  8P!"~EH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hb䌚 E'b&  8P!b䌚EH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**x3 E'b&  8P!!j3Ek Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = afa99668-0fc8-4355-82ac-f924ea626cbf Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ebaabae2-6047-435d-9675-469ac8403634 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h4 E'b&  8P!4EIPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h+ E'b&  8P!+EIPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**heF E'b&  8P!eFE IHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hR E'b&  8P!RE IHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &lenh**x繛 E'b&  8P!!j繛E[IHp Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cd8887b3-2b3b-4c12-b020-a668c6e7f5ae Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f2821041-6b0e-46e3-8a66-0e7e353601e6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hD՛ E'b&  8P!D՛E`lhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &4 h**h? E'b&  8P!?E`lhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &4 h**h($ E'b&  8P!($EalT Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h1 E'b&  8P!1EalT Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hPF E'b&  8P!PFEdl ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hP E'b&  8P!PEel Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h`qV E'b&  8P!`qVEdl ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ctih**hX] E'b&  8P!X]Eel Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Roh**h, E'b&  8P!,ElP8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h_8 E'b&  8P!_8ElP8 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &essh**h5}J E'b&  8P!5}JEJMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h͏J E'b&  8P!͏JEJMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**h YM E'b&  8P! YMEJt pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**hJiM E'b&  8P!JiMEJt pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hc,M E'b&  8P!c,MEK 4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ommh**hԕM E'b&  8P!ԕMEK 4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t.Ph**x[N E'b&  8P!!j[NEK Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d643a524-51dd-40ae-a8f9-be8ef62318aa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6508a1a6-abad-4bfc-9f1b-9ff33c78b809 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ssx**h @;N E'b&  8P! @;NEKL X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hoIN E'b&  8P!oINEKL X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**hֵN E'b&  8P!ֵNEK8 PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**h87N E'b&  8P!87NEK8 PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hN E'b&  8P!NEnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ommh**h Z E'b&  8P! ZEnMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t.Ph**hu( E'b&  8P!u(Eo Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h;> E'b&  8P!;>Eo Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h^ E'b&  8P!^ELLHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hi E'b&  8P!iELLHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**xRT E'b&  8P!!jRTE{MLT Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d94bb3be-a970-448d-b7ed-f87a1cd8846e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1b7ae64c-c270-4f06-be93-d74645db2b6d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n3x**h{ E'b&  8P!{E^o Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**h S E'b&  8P!SE^o  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h _ E'b&  8P!_EM Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ommh**h hd E'b&  8P!hdEM Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t.Ph**h b E'b&  8P!bEMl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h Ѩ E'b&  8P!ѨEMl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h7 E'b&  8P!7EMMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hI* E'b&  8P!I*EMMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hf E'b&  8P!fE1N Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hYxDZ E'b&  8P!YxDZE1N Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &b2dh**hXH E'b&  8P!XHE8N Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hp4 E'b&  8P!p4E8N Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**xYv E'b&  8P!!jYvEN0 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 50b20250-1fee-48f8-a3a0-c45654834d05 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b487a5fa-f585-4c07-b91b-f76b2adefe14 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. icx**hGc E'b&  8P!GcEq( P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hȲ E'b&  8P!ȲEq( P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h E'b&  8P!EN| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h E'b&  8P!EN| Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h8( E'b&  8P!8(Eq Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h 7 E'b&  8P! 7Eq Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**x3 E'b&  8P!!j3EuO p Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2bddb884-2313-4e02-b174-e3dd8b21d8cb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 84c13ad1-8b51-4576-868e-4b21db19643c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ssx**h+ E'b&  8P!+E?r,  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hų E'b&  8P!ųE?r,  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**h0 E'b&  8P!0E:P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**h'< E'b&  8P!'<E:P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h Ϫ  E'b&  8P!Ϫ ErL Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ommh**h! E'b&  8P!ErH !Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t.Ph**h"Q E'b&  8P!QErL"Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h# E'b&  8P!ErH #Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h$qS E'b&  8P!qSErD $Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h%>b E'b&  8P!>bErD %Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**x&-˺ E'b&  8P!!j-˺EPD &Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d3f9f1ac-d67c-4930-853e-c81f0609e03e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8797e093-7942-4f5d-b8e7-cf35c3c7aa6d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ssx**h' E'b&  8P!EP'Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h(| E'b&  8P!|EP(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**h)_ E'b&  8P!_EOsT x )Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**h*/ E'b&  8P!/EOsT x *Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h} catch {  E'b&  8P jEsT +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @d Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hӣZU E'b&  8P!ZUEhӣMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h8Ps-Pow E'b&  8P/Operational &h  8Prational ElfChnk++`>(6!(P=f?mMF&a**+ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jEsT +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ba129d7f-c3d9-4769-93da-8da1b51c71f0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cd2a2742-d1e8-461b-9080-4022c40a4862 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ta**, µ E'b&  8P9! µEs ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(2f**h-NjĻ E'b&  8P!NjĻEs -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aif h**h.o E'b&  8P!oEsD  .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**h/ E'b&  8P!EsD  /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**h0  E'b&  8P! ERdH0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h1y# E'b&  8P!y#ERdH1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h27 E'b&  8P!7ER 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h3>C E'b&  8P!>CER 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h4b E'b&  8P!bEDRLH4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h5c E'b&  8P!cEDRLH5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h60m E'b&  8P!0mE:u6Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h7vAm E'b&  8P!vAmE:u7Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h8]m E'b&  8P!]mEzR0 8Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h9im E'b&  8P!imEzR0 9Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x:sm E'b&  8P!!jsmER0 |:Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f8bc2786-50e7-43b8-a30f-55ef909bc645 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f565df00-a4cc-4f1b-bc45-22dd2a49d04c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**h;n E'b&  8P!nERl;Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h<1An E'b&  8P!1AnERl<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h=ר|n E'b&  8P!ר|nES =Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -h**h>n E'b&  8P!nES >Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h?A޿ E'b&  8P!A޿EdS?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h@] E'b&  8P!]EdS@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hA E'b&  8P!EwhAMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &alenh**hB  E'b&  8P! EwhBMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hCX1  E'b&  8P!X1 Ew x CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hDC  E'b&  8P!C Ew x DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**xE  E'b&  8P!!j Ew EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4dc1fe13-c202-43e2-b1e2-d68993d413b2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a94a9398-d41a-4623-9d2e-721c6bfc564d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  x**hFQ  E'b&  8P!Q Ew FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hGu  E'b&  8P!u Ew GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hHmY! E'b&  8P!mY!ET HHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hIXe! E'b&  8P!Xe!ET HIMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &actih**hJ.? E'b&  8P!.?ETX JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Roh**hKJL E'b&  8P!JLETX KMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**hL& E'b&  8P!&EMyLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aessh**hMyx E'b&  8P!yxEMyMMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a } h**hN E'b&  8P!ET NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ain3h**hO} E'b&  8P!}ET OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Wih**hP)' E'b&  8P!)'EyHPMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a } h**hQ" E'b&  8P!"EyHQMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aommh**xRY E'b&  8P!!jYEUHRMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8ad911f6-aab4-4355-8db8-42ed22166a7a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ef5a0833-c77b-4ef0-be5f-a4e5b5bfda45 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**hS  E'b&  8P! Ey|,SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &assh**hT E'b&  8P!Ey|,TMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a } h**hU~Q E'b&  8P!~QEzT UMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ain3h**hV^ E'b&  8P!^EzT VMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Wih**hWL!p E'b&  8P!L!pE9z WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a } h**hX E'b&  8P!E9z XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aommh**hYGb E'b&  8P!GbEUDYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at.Ph**hZH E'b&  8P!HEUDZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aMich**x[h* E'b&  8P!!jh*EK{D [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 47b2983a-9bb2-4a81-9f17-aa796126f0cc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8a895b85-8af4-47af-9f28-513244c229fd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**h\e.N E'b&  8P!e.NEVhL\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h]]Z E'b&  8P!]ZEVhL]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h^fgy E'b&  8P!fgyE VD H^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &an3h**h_ ͅ E'b&  8P! ͅE VD H_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Wih**x`i E'b&  8P!!jiE7|D 8 `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dfc05c81-1551-4c6c-b633-c2a1bc4f3e8f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9716ebc7-6a62-40d5-a70c-042bd6712a43 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ' E'b&  8P!?>'E  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**h= E'b&  8P!=EZx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hA6L E'b&  8P!A6LEZx Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hc E'b&  8P!cEZ X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hBlo E'b&  8P!BloEZ X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h-ѓ E'b&  8P!-ѓEL  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h Bݓ E'b&  8P! BݓEL  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hvT E'b&  8P!vTE[T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hSb` E'b&  8P!Sb`E[T hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h E'b&  8P!EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**ha E'b&  8P!aEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xe E'b&  8P!!jeE.\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 372e2690-2e52-4117-97ac-0946b47d36dc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5099146b-d2ae-4436-9015-f1ecad2e1f52 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 5-x**hE" E'b&  8P!E"EP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**ho. E'b&  8P!o.EP Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hq E'b&  8P!qE\H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h%^ E'b&  8P!%^E\H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h-F E'b&  8P!-FEH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hF E'b&  8P!FEH Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h#Q E'b&  8P!#QE\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h1Q E'b&  8P!1QE\ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hhRQ E'b&  8P!hRQEF Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h1_Q E'b&  8P!1_QEF Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Sch**xQ E'b&  8P!!jQE]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8be7dc74-578b-4d22-b1ae-323b20d73f95 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c8467715-831e-4b81-95d9-9f62f971daa3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hQ E'b&  8P!QE4 DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hkxQ E'b&  8P!kxQE4 DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hdR E'b&  8P!dRE]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hoR E'b&  8P!oRE]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hr E'b&  8P!rE]  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h, E'b&  8P!,E]  Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hmr E'b&  8P!mrE] Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h_ E'b&  8P!_E] Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & {h**h_/ E'b&  8P!_/EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h& E'b&  8P!&EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h#h E'b&  8P!#hElMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &n3h**hv E'b&  8P!vElMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**x\ E'b&  8P!!j\ElMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 76a7b0bc-9488-4485-9cf7-f6a2badbbeb0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6e4ff7e4-eb51-4851-837b-a0adb4c69044 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. w E'b&  8P!>wE= Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hbc E'b&  8P!bcE= Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h" E'b&  8P!"Eb4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h q E'b&  8P! qEb4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xh E'b&  8P!!jhE4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = eba56001-7031-4513-a72c-2205177ed1e3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ef5a3dca-00c0-42fe-a7eb-31f9944c4c9a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h&Y E'b&  8P!&YEpc(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hD E'b&  8P!DEpc(Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h^ E'b&  8P!^Ecl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h  E'b&  8P! Ecl Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hgt} E'b&  8P!gt}Ec Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h% E'b&  8P!%Ec Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hJ E'b&  8P!JEcd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h  E'b&  8P! Ecd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSch**x/ E'b&  8P!!j/Ed Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e8c9b142-ea3e-4a1a-b3ba-058939646e38 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0c13a571-dfe3-40eb-b90b-2d26d34dd885 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h%*T E'b&  8P!%*TEcd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hl` E'b&  8P!l`Ecd Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h E'b&  8P!Ec, H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h E'b&  8P!Ec, H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**x> E'b&  8P!!j>E, H Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 473e8305-ed3c-4855-9843-04a389fbc764 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9ff701ba-fa78-4ac1-8e62-bd2236a193df Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h E'b&  8P!EcxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h# E'b&  8P!#EcxMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hm?P E'b&  8P!m?PE엨l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h#d E'b&  8P!#dE엨l Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h{ E'b&  8P!{E#dpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h)d E'b&  8P!)dE#dpMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h   E'b&  8P! E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h 9 E'b&  8P!9E Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a, E'b&  8P9!>,EgX *Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( S**h+z, E'b&  8P!z,EgX +Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h,2 E'b&  8P!2EgD 0 ,Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**h-K2 E'b&  8P!K2EgD 0 -Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aaceh**h.y 3 E'b&  8P!y 3Egd .Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**h/I3 E'b&  8P!I3Egd /Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**x03 E'b&  8P!!j3E@ 0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7820ee49-2a66-4614-8ea8-bdc4a8ab6c44 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bb9a7ff0-3c10-459b-a2f1-2a8b83714a71 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h1 ݮ3 E'b&  8P! ݮ3E9h4 \ 1Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h2+3 E'b&  8P!+3E9h4 \ 2Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h3|3 E'b&  8P!|3EEhh 3Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h4h3 E'b&  8P!h3EEhh 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**x5O4 E'b&  8P!!jO4Euhh 5Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0aa4c9d6-e4d4-4aeb-bfa1-919e53f11520 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6ff5c499-0de5-4528-bc69-fd793fb12854 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. M$ E'b&  8P!M$EĠH>Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h?Y1 E'b&  8P!Y1EĠH?Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h@x E'b&  8P!xE⠨@Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hA! E'b&  8P!!E⠨AMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hB E'b&  8P!Ej BMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hCl" E'b&  8P!l"Ej CMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xDD E'b&  8P!!jDE3j DMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f5c744a6-42b4-4411-b6b5-d95ae0cb5e8c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7033d73c-e303-4b0f-9ccf-a850bdd03c4d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hEĵ E'b&  8P!ĵEɡ 4EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hF E'b&  8P!Eɡ 4FMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hG}06 E'b&  8P!}06Ewj\ GMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hH3D E'b&  8P!3DEwj\ HMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hI E'b&  8P!E14 IMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hJ E'b&  8P!E14 JMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hK{ E'b&  8P!{EJpKMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hLfĘ E'b&  8P!fĘEJpLMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hM E'b&  8P!Ek  MMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hNG E'b&  8P!GEk  NMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xO;h E'b&  8P!!j;hE OMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5b2f2c81-5baf-46ab-af53-8a105c2921b2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 30f249fd-554a-4fa5-b378-21771d4befff Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hP E'b&  8P!E\ PMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hQ E'b&  8P!E\ QMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hR#X E'b&  8P!#XEk<L RMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hS D E'b&  8P! DEk<L SMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hTj; E'b&  8P!j;EkhpTMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hU; E'b&  8P!;EkhpUMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hVB E'b&  8P!BEulVMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW6B E'b&  8P!6BEulWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hX~C E'b&  8P!~CE XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hY֋C E'b&  8P!֋CE YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hZH E'b&  8P!k>HED _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af8-h**h`8MH E'b&  8P!8MHED `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &af (h**haftH E'b&  8P!ftHEm$ 4 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hb;H E'b&  8P!;HEm$ 4 bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**xc_H E'b&  8P!!j_HE$ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7f3b654d-c8c4-4f19-91ef-a3b1fe73febf Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f8bc56e4-4248-4a4c-9844-c8fe60344553 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hdI E'b&  8P!IE{mx dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**he&I E'b&  8P!&IE{mx eMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hfEI E'b&  8P!EIEm,fMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hg%TI E'b&  8P!%TIEm,gMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**xh پI E'b&  8P!!j پIEm,hMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9b1a9021-714e-4fef-a88d-00b2c8d87a39 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fe71d94b-3761-41d9-9402-0bfcec4b44ac Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hiHsI E'b&  8P!HsIE iMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hjM_I E'b&  8P!M_IE jMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hkJ E'b&  8P!JE8 kMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hlfbJ E'b&  8P!fbJE8 lMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hmʀ2J E'b&  8P!ʀ2JEŧ < mMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hn?J E'b&  8P!?JEŧ < nMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hoYJ E'b&  8P!YJEȧh oMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hpoeJ E'b&  8P!oeJEȧh pMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hq E'b&  8P!En0 qMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hr E'b&  8P!En0 rMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hs;P E'b&  8P!;PE oD sMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**htW^ E'b&  8P!W^E oD tMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hu~ E'b&  8P!~Eo uMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hvl E'b&  8P!lEo vMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xw E'b&  8P!!jE  wMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 43005ef1-4762-4d33-8a81-254b8a53e481 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e7cadef5-8668-45b6-8fcb-45c6393b96d4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P![>E_o zMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h{@ E'b&  8P!@E_o {Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h|d E'b&  8P!dEdoH|Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**h}q E'b&  8P!qEdoH}Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h~Џ" E'b&  8P!Џ"Eh~Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**h{. E'b&  8P!{.EhMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hPM E'b&  8P!PMEo4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**h5xY E'b&  8P!5xYEo4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**@خ E'b&  8P!jخE4 Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?$oData= ContextInfo A'$=UserData A%$=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = adfbb678-0d13-4370-b1ab-d6457552b76e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 50022be4-8f85-4f24-ba3d-3f2acefb8821 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n@**hj E'b&  8P!jE @ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hK+ E'b&  8P!K+E @ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hLr E'b&  8P!LrEHX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h} E'b&  8P!}EHX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h)nS E'b&  8P!)nSEҬ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hGx|S E'b&  8P!Gx|SEҬ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hg5[ E'b&  8P!g5[Eqp L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hSA[ E'b&  8P!SA[Eqp L Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h8[\ E'b&  8P!8[\E x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h5$g\ E'b&  8P!5$g\E x Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hOn\ E'b&  8P!On\Eh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hgZ\ E'b&  8P!gZ\Eh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xE/] E'b&  8P!!jE/]EUr<Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4c66886a-6561-414f-959a-fd7da5cef678 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e6a40c15-c278-4159-816e-0c791e6159df Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. uex**hZ] E'b&  8P!Z]EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hWf] E'b&  8P!Wf]EMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h` E'b&  8P!`E'X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hn` E'b&  8P!n`E'X Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h`a E'b&  8P!`aErX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hL$a E'b&  8P!L$aErX Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x2a E'b&  8P!!j2aEX 4Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d790cd43-43c5-474f-bae2-1ad9673f6854 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 502cf3f8-8d94-49a1-b6eb-a7cdc6394f34 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**ha E'b&  8P!aEtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hva E'b&  8P!vaEtMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h a E'b&  8P! aEh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hLga E'b&  8P!LgaEh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h)b E'b&  8P!)bE> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h>b E'b&  8P!>bE> Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**x?Cb E'b&  8P!!j?CbE-sHMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ad706085-d33f-478e-8009-1abf676e55a2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3b0db278-f107-4474-8679-05389f8c5aab Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hcb E'b&  8P!cbE.sh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hڿb E'b&  8P!ڿbE.sh Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hb E'b&  8P!bEҮ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hb E'b&  8P!bEҮ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**xrTc E'b&  8P!!jrTcEUs P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ec6186d2-8748-467b-9cab-dd09878672ab Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b1dc0f06-3974-42b9-9e32-66e1d805fa1d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**h_oc E'b&  8P!_ocE< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h}c E'b&  8P!}cE< Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h3c E'b&  8P!3cEЯ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hc E'b&  8P!cEЯ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc E'b&  8P!cEs< (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h'c E'b&  8P!'cEs< (Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hUc E'b&  8P!UcEﯨ8@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hd E'b&  8P!dEﯨ8@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hgXd E'b&  8P!gXdEL@ P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hxcd E'b&  8P!xcdEL@ P Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**H/we E'b&  8P-!jweE_@ Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational -@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e7c77d5e-d815-48d2-9880-526ff0afda0e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $os = Get-CimInstance -ClassName Win32_OperatingSystem $license = Get-CimInstance -ClassName SoftwareLicensingProduct | Where-Object { $_.PartialProductKey -ne $null -and $_.Name -like "*Windows*" } | Select-Object -First 1 $slService = Get-CimInstance -ClassName SoftwareLicensingService -ErrorAction SilentlyContinue # Activation status mapping $activationStatus = "unknown" if ($license) { switch ($license.LicenseStatus) { 0 { $activationStatus = "unlicensed" } 1 { $activationStatus = "activated" } 2 { $activationStatus = "out_of_box_grace" } 3 { $activationStatus = "out_of_tolerance_grace" } 4 { $activationStatus = "non_genuine_grace" } 5 { $activationStatus = "notification" } 6 { $activationStatus = "extended_grace" } default { $activationStatus = "unknown" } } } # Edition name mapping from SKU $editionName = "Unknown" $licenseFamily = "Unknown" if ($os.OperatingSystemSKU) { switch ($os.OperatingSystemSKU) { 7 { $editionName = "Server Standard"; $licenseFamily = "ServerStandard" } 8 { $editionName = "Server Datacenter"; $licenseFamily = "ServerDatacenter" } 10 { $editionName = "Server Enterprise"; $licenseFamily = "ServerEnterprise" } 12 { $editionName = "Server Datacenter (Core)"; $licenseFamily = "ServerDatacenter" } 13 { $editionName = "Server Standard (Core)"; $licenseFamily = "ServerStandard" } 14 { $editionName = "Server Enterprise (Core)"; $licenseFamily = "ServerEnterprise" } 39 { $editionName = "Server Datacenter (No GUI)"; $licenseFamily = "ServerDatacenter" } 40 { $editionName = "Server Standard (No GUI)"; $licenseFamily = "ServerStandard" } default { $editionName = $os.Caption } } } # Detect server role (Full GUI, Server Core, Nano) $serverRole = "Full GUI" $installationType = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name InstallationType -ErrorAction SilentlyContinue if ($installationType) { switch ($installationType.InstallationType) { "Server Core" { $serverRole = "Server Core" } "Nano Server" { $serverRole = "Nano Server" } default { $serverRole = "Full GUI" } } } # KMS/MAK activation details $metadata = @{ license_channel = "Unknown" license_family = $licenseFamily server_role = $serverRole } # Get KMS server information $kmsReg = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" -ErrorAction SilentlyContinue if ($kmsReg) { if ($kmsReg.KeyManagementServiceMachine) { $metadata.kms_server = $kmsReg.KeyManagementServiceMachine if ($kmsReg.KeyManagementServicePort) { $metadata.kms_server = "$($kmsReg.KeyManagementServiceMachine):$($kmsReg.KeyManagementServicePort)" } $metadata.license_channel = "Volume" } if ($kmsReg.VLActivationInterval) { $metadata.activation_interval = $kmsReg.VLActivationInterval } if ($kmsReg.VLRenewalInterval) { $metadata.renewal_interval = $kmsReg.VLRenewalInterval } } # Grace period and expiration info if ($license) { if ($license.GracePeriodRemaining) { $graceDays = [math]::Floor($license.GracePeriodRemaining / 1440) $metadata.grace_period_remaining = $graceDays } # License channel detection if ($license.ProductKeyChannel) { $metadata.license_channel = $license.ProductKeyChannel } elseif ($license.Description -match "MAK") { $metadata.license_channel = "MAK" } elseif ($license.Description -match "KMS") { $metadata.license_channel = "Volume" } elseif ($license.Description -match "OEM") { $metadata.license_channel = "OEM" } elseif ($license.Description -match "Retail") { $metadata.license_channel = "Retail" } # License family from product if ($license.LicenseFamily) { $metadata.license_family = $license.LicenseFamily } } # Terminal Services / RDS CAL information $tsLicensingMode = "Not configured" $tsPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core" if (Test-Path $tsPath) { $licensing = Get-ItemProperty -Path $tsPath -ErrorAction SilentlyContinue if ($licensing -and $licensing.LicensingMode) { switch ($licensing.LicensingMode) { 2 { $tsLicensingMode = "Per Device" } 4 { $tsLicensingMode = "Per User" } 5 { $tsLicensingMode = "Not Configured" } default { $tsLicensingMode = "Unknown" } } $metadata.rds_licensing_mode = $tsLicensingMode } } # Check for domain membership (affects CAL requirements) $computerSystem = Get-CimInstance -ClassName Win32_ComputerSystem -ErrorAction SilentlyContinue if ($computerSystem) { if ($computerSystem.PartOfDomain) { $metadata.domain_joined = $true $metadata.domain_name = $computerSystem.Domain } else { $metadata.domain_joined = $false } } $result = @{ ProductName = $os.Caption Version = $os.Version Edition = $editionName PartialKey = if ($license) { $license.PartialProductKey } else { "" } ActivationStatus = $activationStatus LicenseType = if ($license) { $license.Description } else { "" } Metadata = ($metadata | ConvertTo-Json -Compress) } $result | ConvertTo-Json Engine Version = 4.0 Runspace ID = 6d7965b3-fd8c-4d9b-a429-ba4966130ed8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. H/**hEe E'b&  8P!EeEd0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ve h**hxe E'b&  8P!xeEd0Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-Deh**hfRg E'b&  8P!fRgEttMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $rh**h^g E'b&  8P!^gEttMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hozg E'b&  8P!ozgE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &hish**hZg E'b&  8P!ZgE Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**hh E'b&  8P!hEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & }h**h(h E'b&  8P!(hEMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h@h E'b&  8P!@hE# E'b&  8P!!j;>#D`60 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 12e8ac13-9e28-4d16-b543-0f09ee2bef8a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4097b003-9ee5-4cbf-8b97-98130e3dd4e3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 54x**hWga# E'b&  8P!ga#Da6 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hWRm# E'b&  8P!Rm#Da6 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a erh**hW# E'b&  8P!#Db68WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hW# E'b&  8P!#Db68WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**xW/# E'b&  8P!!j/#D lWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5c4ea7c1-7949-44c7-b4fb-17b994b2427a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 46fc29f9-671a-437b-9a21-b73fa112abf9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. m x**hW3# E'b&  8P!3#D68 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hW'# E'b&  8P!'#D68 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hWWn# E'b&  8P!Wn#D7d WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hWs$}# E'b&  8P!s$}#D7d WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hW# E'b&  8P!#D| | WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hW͗# E'b&  8P!͗#D}$ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hW# E'b&  8P!#D| | WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hW# E'b&  8P!#D}$ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acath**hW=U|$ E'b&  8P!=U|$D7l WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**hW|$ E'b&  8P!|$D7l WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hWE$ E'b&  8P!E$D7`8WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hWgδ$ E'b&  8P!gδ$D7`8WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hWLѝ$ E'b&  8P!Lѝ$D7L WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hWޝ$ E'b&  8P!ޝ$D7L WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**xWO$ E'b&  8P!!jO$D-8L WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8be85eef-a699-45ad-8405-7771b2ab863d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 755cb384-f4c2-40cf-a3ae-69fff9e6d24d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. atx**hWh$ E'b&  8P!h$D18p WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sih**hWu$ E'b&  8P!u$D18p WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aon h**hWwٞ$ E'b&  8P!wٞ$D0PWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**hWt$ E'b&  8P!t$D0PWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hW.% E'b&  8P!.%D WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hW.% E'b&  8P!.%D WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hWzXuP% E'b&  8P!zXuP%D9\ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hWP% E'b&  8P!P%D9\ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hWxSP% E'b&  8P!xSP%D4 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hW׬P% E'b&  8P!׬P%D4 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xWIQ% E'b&  8P!!jIQ%D WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2c08de28-4621-447a-9bb3-3390cf871fab Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9aa26625-fdb1-4e71-9400-e402b8a7617f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hW62Q% E'b&  8P!62Q%DDWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hWNS=Q% E'b&  8P!NS=Q%DDWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hWQ% E'b&  8P!Q%DV$ HWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hWխQ% E'b&  8P!խQ%DV$ HWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hW;n% E'b&  8P!;n%DDWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hW% E'b&  8P!%DDWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hWk% E'b&  8P!k%D&;t WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW%% E'b&  8P!%%D&;t WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW% E'b&  8P!%D';,l WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW|% E'b&  8P!|%D';,l WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hWd% E'b&  8P!d%D@ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Hoh**hW% E'b&  8P!%D@ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aExeh**xWkm% E'b&  8P!!jkm%D @ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = aff0140c-c539-483d-8f8d-3b7ea7b2fee2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 73a763c4-0a38-4c8d-9704-98c5228c477f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hW 0% E'b&  8P! 0%D (WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW% E'b&  8P!%D (WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hWG& E'b&  8P!G&Dcl T WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hWR& E'b&  8P!R&Dcl T WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW{ o& E'b&  8P!{ o&Do8WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW{& E'b&  8P!{&Do8WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xWE& E'b&  8P!!jE&DAWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1cc085ac-8bb2-4c6f-b5eb-8716f3bacbd3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 24fe07e3-eed1-435b-8109-565c29c934c1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hW& E'b&  8P!&D6<$ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hWRu& E'b&  8P!Ru&D6<$ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hWOe& E'b&  8P!Oe&DYWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hWf;q& E'b&  8P!f;q&DYWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hW,>& E'b&  8P!,>&D= WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hWJ& E'b&  8P!J&D= WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW h& E'b&  8P! h&D=WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW t& E'b&  8P! t&D=WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xWM& E'b&  8P!!jM&D' WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 328bb21c-0faa-48b0-8779-5cd6c4169fa6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4676870d-d6b1-4abe-9a24-91c71147114e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hW& E'b&  8P!&D* pWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad Gh**hW & E'b&  8P! &D* pWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a-anh**hWo&& E'b&  8P!o&&D6 T WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**hWC3& E'b&  8P!C3&D6 T WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xWYʚ& E'b&  8P!!jYʚ&D  WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2f22840e-495b-4f0a-b864-feea29b5e6be Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 458282c8-d55b-4239-ae7f-abb55b8cdd0c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**hW'& E'b&  8P!'&D<> T WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonah**hW& E'b&  8P!&D<> T WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hW& E'b&  8P!&D>$0 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hW& E'b&  8P!&D>$0 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hW)/& E'b&  8P!)/&D P WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hW;& E'b&  8P!;&D P WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hW}& E'b&  8P!}&DWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah  8Prational &ElfChnkW?XW?Xxrt_ D{w(=f?mMFQ&**XWs& E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!s&DWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hWC& E'b&  8P!C&D*?WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hWQ& E'b&  8P!Q&D*?WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hW q& E'b&  8P! q&D tWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hWI& E'b&  8P!I&D tWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**@WC& E'b&  8P!jC&D? WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Qp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7bc4ce17-d89c-4f0d-8c29-4b5854250076 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7c6fc5ab-4deb-4000-b972-8ec39e48f4a7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hWBO & E'b&  8P!BO &D?T WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hW;& E'b&  8P!;&D?T WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hWB& E'b&  8P!B&D?TL WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hW#“& E'b&  8P!#“&D?TL WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hWF' E'b&  8P!F'D@ L WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hWuF' E'b&  8P!uF'D@ L WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hW"P{' E'b&  8P!"P{'D@ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hW%{' E'b&  8P!%{'D@ WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hW{C{' E'b&  8P!{C{'Dp8 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hWPQ{' E'b&  8P!PQ{'Dp8 WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**xW{' E'b&  8P!!j{'D80WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cec06daa-4da5-4b9a-8638-e3e66fb61e16 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5c0dc302-1eae-46a8-b0b9-fa4253aa9dc1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hWu{' E'b&  8P!u{'D@ DWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hWJ{' E'b&  8P!J{'D@ DWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hW5F|' E'b&  8P!5F|'DPWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hW!R|' E'b&  8P!!R|'DPWMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hW)' E'b&  8P!)'DL WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hW$' E'b&  8P!$'DL WMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hXe!F ( E'b&  8P!e!F (DB  XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX R ( E'b&  8P! R (DB  XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX( E'b&  8P!(DBp XXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hXl( E'b&  8P!l(DBp XXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX?( E'b&  8P!?(DH\ XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX( E'b&  8P!(DH\ XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xXCo( E'b&  8P!!jCo(D׭\ XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7106d0c6-e71e-4516-a1c7-c57d0db3f702 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 95e3f8ca-fc04-4bb1-a7e2-107daa20b212 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hX( E'b&  8P!(Dۭ8LXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hX( E'b&  8P!(Dۭ8LXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h X}X( E'b&  8P!}X(D&C`T XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h XWd( E'b&  8P!Wd(D&C`T XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h X=M( E'b&  8P!=M(D4$ D XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h X( E'b&  8P!(D4$ D XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**x X4( E'b&  8P!!j4(DC$ X XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 17d1dbc5-e30f-4541-a137-301497d46a22 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5fccea11-ed66-4c12-8f05-b1c0ff1108d1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hX %( E'b&  8P! %(DѮ0XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hXW4( E'b&  8P!W4(DѮ0XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hXP( E'b&  8P!P(DC8 dXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hXu\( E'b&  8P!u\(DC8 dXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**xX^( E'b&  8P!!j^(DD8 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1d1cb0bf-d1c8-4a7f-8094-7f43666a1a87 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9bb69598-88d3-4f36-a7e0-4185037cd9e0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hXR3( E'b&  8P!R3(Dt \XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hX( E'b&  8P!(Dt \XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hX˰)( E'b&  8P!˰)(DD HXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hXF( E'b&  8P!F(DD HXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hXMO( E'b&  8P!MO(DY TXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hX\( E'b&  8P!\(DD0XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hX \( E'b&  8P! \(DY TXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hXΡh( E'b&  8P!Ρh(DD0XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hX{c( E'b&  8P!{c(DE XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hXG/o( E'b&  8P!G/o(DE XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hX\( E'b&  8P!\(DE pXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hXYh( E'b&  8P!Yh(DE pXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hX#k( E'b&  8P!#k(Dl,dXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h X͒( E'b&  8P!͒(Dl,d XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**x!X( E'b&  8P!!j(DJF,!XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f6aeff6e-3f2f-4e56-8974-9a87061ba175 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bc8671e9-c21f-4b4e-9db1-4e656a2c4a31 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h"X( E'b&  8P!(DNFH0 "XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h#X!#( E'b&  8P!!#(DNFH0 #XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h$XM=( E'b&  8P!M=(DGt$XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h%X)( E'b&  8P!)(DGt%XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h&X_4_) E'b&  8P!_4_)D%l&XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h'X .C_) E'b&  8P! .C_)D%l'XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h(XYh-) E'b&  8P!Yh-)DG` (XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h)Xe;) E'b&  8P!e;)DG` )XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h*XzuZ) E'b&  8P!zuZ)DG ,*XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h+X_f) E'b&  8P!_f)DG ,+XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**x,Xjۃ) E'b&  8P!!jjۃ)DH  ,XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 04b71475-1ea5-48f2-97fa-db60d9d967d0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8f71c058-4e48-4a3c-8323-49330ff45e9b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h-X) E'b&  8P!)DH -XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h.X) E'b&  8P!)DH .XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h/X\w) E'b&  8P!\w)D0| /XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h0XG) E'b&  8P!G)D0| 0XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h1X* E'b&  8P!*DL1XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h2XC* E'b&  8P!C*DL2XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h3XY!* E'b&  8P!Y!*D 3XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h4XE!* E'b&  8P!E!*D 4XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h5Xhr.* E'b&  8P!hr.*DJ< ( 5XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h6Xi^.* E'b&  8P!i^.*DJ< ( 6XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**7X'.* E'b&  8P]!j'.*DJ< 7XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 16dca489-f4f7-4a97-8c92-4a66f4563bb1 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-ozob0q1u.1lo.ps1 Engine Version = 4.0 Runspace ID = db5cad2e-3ce1-4df3-a144-990940f03f70 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Yʚ**h8XGF.* E'b&  8P!GF.*DJ 8XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Seh**h9Xk /* E'b&  8P!k /*DJ 9XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-Noh**x:XDy/* E'b&  8P!!jDy/*DjK :XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9efd84d3-60c2-4239-8661-e00c0cd64b01 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = db6e1dd7-b675-4e1d-8aee-1ea3dc107d1b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h;Xi^/* E'b&  8P!i^/*D@0;XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hXǽ2* E'b&  8P!ǽ2*D|K >XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &}h**h?XN 2* E'b&  8P!N 2*Dn| ?XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hPrational &ElfChnk@XX@XX0!#&H#Y( =f?mMF &**X@X,2* E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!,2*Dn| @XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**@AX'F2* E'b&  8P!j'F2*DoL AXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A? oData= ContextInfo A' =UserData A% =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b9ce76cd-4dfd-40bc-973e-bcf91716ef70 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a83e25a7-d205-4f5c-9412-50b251a40a2b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hBX@d=* E'b&  8P!@d=*Dx BXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**hCXyp=* E'b&  8P!yp=*Dx CXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**hDXiH* E'b&  8P!iH*D$ DXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**hEX*H* E'b&  8P!*H*D$ EXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hFX I* E'b&  8P! I*DLFXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hGX}{I* E'b&  8P!}{I*DLGXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xHX-I* E'b&  8P!!j-I*DM HXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = bcac6b12-f886-4f36-8bc3-61812c47a467 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a9985149-cb9c-4689-93da-00c1dd1551bb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hIXI* E'b&  8P!I*DM\  IXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hJXg޽I* E'b&  8P!g޽I*DM\  JXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hKXQ* E'b&  8P!Q*DI KXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hLXHQ* E'b&  8P!HQ*DI LXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hMX R* E'b&  8P! R*DiM8 , MXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hNXR* E'b&  8P!R*DiM8 , NXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**xOXR* E'b&  8P!!jR*D)N8 OXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b0ffd02a-e0d5-45cd-bdde-6705e7a5d7d9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0aee8721-400d-4c18-aaaf-c4effcd472dd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. + E'b&  8P!A>+DSrXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hsX0R+ E'b&  8P!0R+D\p sXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**htXll^+ E'b&  8P!ll^+D\p tXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**huXv+ E'b&  8P!v+DH|uXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hvX<+ E'b&  8P!<+DH|vXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hwXb+ E'b&  8P!b+DwXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hxX7+ E'b&  8P!7+DxXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hyXs+ E'b&  8P!s+DSyXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hzX0+ E'b&  8P!0+DSzXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h{XäŹ+ E'b&  8P!äŹ+D{XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h|Xӹ+ E'b&  8P!ӹ+D|XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h}X+ E'b&  8P!+DS| }XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h~XĻ+ E'b&  8P!Ļ+DS| ~XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hX9+ E'b&  8P!9+DS$ ,XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hX%+ E'b&  8P!%+DS$ ,XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hXw&+ E'b&  8P!w&+DSlXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hXdK$+ E'b&  8P!dK$+DSlXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hX1+ E'b&  8P!1+D |XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hXu=+ E'b&  8P!u=+D |XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hXL+ E'b&  8P!L+DSt XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hXX+ E'b&  8P!X+DSt XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hXS5h+ E'b&  8P!S5h+D XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hXsu+ E'b&  8P!su+D XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hX⃺+ E'b&  8P!⃺+DSL XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hXtΏ+ E'b&  8P!tΏ+DSL XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hX:+ E'b&  8P!:+D L XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hX&+ E'b&  8P!&+D L XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hXy+ E'b&  8P!y+DS, XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hXƺ+ E'b&  8P!ƺ+DS, XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hXԺ+ E'b&  8P!Ժ+D XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hXL+ E'b&  8P!L+D XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX+ E'b&  8P!+DS XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX+ E'b&  8P!+DS XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX + E'b&  8P! +DT0 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX+ E'b&  8P!+DT0 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX:'+ E'b&  8P!:'+DTXXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hXͥ1+ E'b&  8P!ͥ1+DTXXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hXA+ E'b&  8P!A+D XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hX$L+ E'b&  8P!$L+D XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hXU[+ E'b&  8P!U[+D X XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Coh**hX2h+ E'b&  8P!2h+D X XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &xe h**hXUv+ E'b&  8P!Uv+D" \XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &70 h**hX.+ E'b&  8P!.+D" \XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &UP\h**hX^P+ E'b&  8P!^P+D# XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hX + E'b&  8P! +D# XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hX+ E'b&  8P!+D)XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hXL9+ E'b&  8P!L9+D)XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hX˻+ E'b&  8P!˻+DT XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nceh**hX p׻+ E'b&  8P! p׻+DT XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &,Inh**hX+ E'b&  8P!+DT$XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &apth**hXB+ E'b&  8P!B+DT$XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hX+ E'b&  8P!+DT |XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ch h**hXʊ+ E'b&  8P!ʊ+DT |XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Adah**hX\Q+ E'b&  8P!\Q+D2,XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rkAh**hX%=*+ E'b&  8P!%=*+D2,XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**hX:+ E'b&  8P!:+D'TdXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= h**hX6E+ E'b&  8P!6E+D'TdXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hXV+ E'b&  8P!V+D8XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hX@`+ E'b&  8P!@`+D8XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hXɆq+ E'b&  8P!Ɇq+D+T| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hXr}+ E'b&  8P!r}+D+T| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hX+ E'b&  8P!+D,Th XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh-PowerShell/Operational &8hPrational &ElfChnkXYXYomS($B=f?mMFA&**XX䠼+ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!䠼+D,Th XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hXm+ E'b&  8P!m+D0T XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hXXǼ+ E'b&  8P!XǼ+D0T XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**hX+ E'b&  8P!+DT XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**hXfP$+ E'b&  8P!fP$+DT XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Rh**hX?+ E'b&  8P!?+Da XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r =h**hXK+ E'b&  8P!K+Da XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &resh**hXΕ+ E'b&  8P!Ε+DT XXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & }h**hXT1+ E'b&  8P!T1+DT XXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**hXN6+ E'b&  8P!N6+DfPlXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s Wh**hX9B+ E'b&  8P!9B+DfPlXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s }h**hXVT+ E'b&  8P!VT+Dg@ X XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Comh**hX`+ E'b&  8P!`+Dg@ X XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ft.h**hXkrq+ E'b&  8P!krq+DoL XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hXz+ E'b&  8P!z+DoL XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hXl+ E'b&  8P!l+DU XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hX٘+ E'b&  8P!٘+DU XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hXv+ E'b&  8P!v+DU| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hXbȾ+ E'b&  8P!bȾ+DU| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hXݐܾ+ E'b&  8P!ݐܾ+DXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hXw+ E'b&  8P!w+DXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &bc3h**hX"Y+ E'b&  8P!"Y+D4 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hX+ E'b&  8P!+D4 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &et-h**hX+ E'b&  8P!+D0U 8XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &dexh**hX/#+ E'b&  8P!/#+D0U 8XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &daph**hX:+ E'b&  8P!:+D0|XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t $h**hXF+ E'b&  8P!F+D0|XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &.IPh**hXk_+ E'b&  8P!k_+DOUXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$_.h**hXWk+ E'b&  8P!Wk+DOUXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**hX;+ E'b&  8P!;+DQU`XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ipth**hX'+ E'b&  8P!'+DQU`XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hXC+ E'b&  8P!C+D]U L XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hX/+ E'b&  8P!/+D]U L XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hXaIM, E'b&  8P!aIM,DUH XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hXXM, E'b&  8P!XM,DUH XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hX9N, E'b&  8P!9N,DUXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hX[GN, E'b&  8P![GN,DUXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &**h**hXU, E'b&  8P!U,DV XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hX U, E'b&  8P! U,DV XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ellh**hXU, E'b&  8P!U,D4@XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e) h**hXPV, E'b&  8P!PV,D4@XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nueh**@XjpV, E'b&  8P!jjpV,D2V@| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Ap;)(A?$BoData= ContextInfo A'$B=UserData A%$B=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f9b39369-8de7-42fd-a060-fb030663c3fa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ce4d2e16-0334-449d-ad78-88a5ea7b76ab Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. W@**hXkV, E'b&  8P!kV,DL ,XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &st h**hX8{V, E'b&  8P!8{V,DL ,XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $mh**hX$a, E'b&  8P!$a,D%lXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &trih**hX0a, E'b&  8P!0a,D%lXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &fach**hXSa, E'b&  8P!Sa,DVp XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00'h**hXk`a, E'b&  8P!k`a,DVp XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &oreh**xX(a, E'b&  8P!!j(a,DPWXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational A@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 477041df-b6dd-442f-9250-a0d6df60b582 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 196e1e38-5aed-4e52-8b6e-719172fc1576 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hX&a, E'b&  8P!&a,Di\XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hX[a, E'b&  8P![a,Di\XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hX#lb, E'b&  8P!#lb,DQW0 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXW b, E'b&  8P!W b,DQW0 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xXrPb, E'b&  8P!!jrPb,DW0 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational A@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b44445d8-0421-4c52-a215-9acd92d25906 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2e5b0a57-9a56-4177-823b-ebfcb6f0799a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $cx**hXݩb, E'b&  8P!ݩb,DWXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &fg)h**hXb, E'b&  8P!b,DWXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Ph**hXb, E'b&  8P!b,DX8 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hX= c, E'b&  8P!= c,DX8 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXq1 c, E'b&  8P!q1 c,Dp XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXQw$c, E'b&  8P!Qw$c,DX XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hX6-c, E'b&  8P!6-c,Dp XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXg/c, E'b&  8P!g/c,DX XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXfx - E'b&  8P!fx -DĻ XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hX - E'b&  8P! -DĻ XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXw-- E'b&  8P!w--D5Y$xXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hX;- E'b&  8P!;-D5Y$xXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXX- E'b&  8P!X-D&xXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &st h**hXd- E'b&  8P!d-D&xXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $mh**xX- E'b&  8P!!j-DY4XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational A@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3212a21e-eb98-49ef-80e6-8dea25d8f71b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 29c7bf9d-668c-45c2-9d88-ab90b824da1d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hX[- E'b&  8P![-Dv XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hX- E'b&  8P!-Dv XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXưn- E'b&  8P!ưn-D? |XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hX {- E'b&  8P! {-D? |XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXڳ- E'b&  8P!ڳ-D,XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXo- E'b&  8P!o-D,XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hX9- E'b&  8P!9-DZdXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hX$- E'b&  8P!$-DZdXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXU/%- E'b&  8P!U/%-D (XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hXm2- E'b&  8P!m2-D (XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xX}- E'b&  8P!!j}-D6 XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational A@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 113901f9-2255-43f6-9e54-ece1223d6c35 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a0db3099-6300-4872-80c5-639bfc56a707 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hY'F- E'b&  8P!'F-D: YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hYw2- E'b&  8P!w2-D: YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hYѽ*- E'b&  8P!ѽ*-Dr` YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hY{27- E'b&  8P!{27-Dr` YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hY@e. E'b&  8P!@e.D T YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hYDMe. E'b&  8P!DMe.D T YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hYnff. E'b&  8P!nff.D(  YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hYf. E'b&  8P!f.D(  YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hYtRn. E'b&  8P!tRn.D\<< YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h YYzn. E'b&  8P!Yzn.D\<< YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h Yc o. E'b&  8P!c o.D\ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h Y5.o. E'b&  8P!5.o.D\ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x Y-o. E'b&  8P!!j-o.D] YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational A@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 03afa2a7-42f4-4ddd-829e-4612562cff15 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 15b219b3-736c-4847-8599-ce62ff5e6d26 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. P\x**h Yo. E'b&  8P!o.D] YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hYo. E'b&  8P!o.D]YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hYzUy. E'b&  8P!zUy.Dk^YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hYoay. E'b&  8P!oay.Dk^YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**Yxy. E'b&  8P]!jxy.Dr^ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational A@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0f348998-eac5-4c3a-bfc3-270fa0bab0b7 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-gvgiep1o.f4k.ps1 Engine Version = 4.0 Runspace ID = afedfce6-249f-4f26-9a35-afae8f99545e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ft-W**hYՄy. E'b&  8P!Մy.Dſ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hYy. E'b&  8P!y.Dſ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Whdows-PowerSh E'b&  8PE'bjy.D< YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational A@dows-PowerShell/Operational & { h**hX:+ E'b&  8P!:+D'TdXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= h**hX6E+ E'b&  8P!6E+D'TdXMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hXV+ E'b&  8P!V+D8XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hX@`+ E'b&  8P!@`+D8XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hXɆq+ E'b&  8P!Ɇq+D+T| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hXr}+ E'b&  8P!r}+D+T| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hX+ E'b&  8P!+D,Th XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh-PowerShell/Operational &8hPrational &ElfChnkY^YY^YX|vX (P=f?mMF&a**Yy. E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jy.D< YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 144f2682-4109-4a30-8f25-bfbb657c7a4d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2c38e1ab-6e62-46da-8fc9-ed89f3416361 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **YD#z. E'b&  8P9!D#z.DT L YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **hY0/z. E'b&  8P!0/z.DT L YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hYy{. E'b&  8P!y{.D^\ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hYV|. E'b&  8P!V|.D^\ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hY$\"|. E'b&  8P!$\"|.D YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hYG.|. E'b&  8P!G.|.D YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xY{|. E'b&  8P!!j{|.D_ ,YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f65d0947-9f4b-44f7-bd22-5aa2a4b20354 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f635929b-f2a5-4481-ab55-c32750638ce0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hY Ç. E'b&  8P! Ç.D$ h YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hY χ. E'b&  8P! χ.D$ h YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hYS`. E'b&  8P!S`.D_YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hY5o. E'b&  8P!5o.D_YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h Y㶩. E'b&  8P!㶩.D YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h!YĢ. E'b&  8P!Ģ.D !YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x"Yh. E'b&  8P!!jh.D"YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 393fa56a-9074-4a49-bfa5-270cee3dedab Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2c87da65-0b1f-4655-892c-50ad5cff9b78 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h#YJ. E'b&  8P!J.D #YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &antlh**h$YPV. E'b&  8P!PV.D $YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h%Ysݖ. E'b&  8P!sݖ.D( %YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aecth**h&Yu. E'b&  8P!u.D( &YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a49dh**h'Y . E'b&  8P! .DS`$ < 'YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h(Y//. E'b&  8P!//.DS`$ < (YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x)Y. E'b&  8P!!j.D$ @)YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e493a37d-bdec-49c4-b79e-2400f2c9a09b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4882562c-d3b1-4efc-ab1a-356f6e2fbe7f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h*YW. E'b&  8P!W.D, *YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atlyh**h+YM}. E'b&  8P!M}.D, +YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -Fh**h,YF֗. E'b&  8P!F֗.D P,YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h-Y. E'b&  8P!.D P-YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a52-h**x.YbG. E'b&  8P!!jbG.DIa  .YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1d3518aa-493b-4289-9f0d-77bc741029f4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 30e3346a-f923-4523-84fe-99f2f3016fb2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h/Yb. E'b&  8P!b.DKa /YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atlyh**h0Yқn. E'b&  8P!қn.DKa 0YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -Fh**h1YC. E'b&  8P!C.DZ\d1YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h2YS͘. E'b&  8P!S͘.DZ\d2YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a77-h**h3Ylޘ. E'b&  8P!lޘ.D`0 ,3YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h4Y. E'b&  8P!.Da 4YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aWh**h5Y. E'b&  8P!.D`0 ,5YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aWh**h6Y). E'b&  8P!).Da 6YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aXh**h7Y>=/ E'b&  8P!>=/D7YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aXh**h8Y oJ=/ E'b&  8P! oJ=/D8YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h9YI/ E'b&  8P!I/D 9YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aXh**h:Y+LI/ E'b&  8P!+LI/D :YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h;Y J/ E'b&  8P! J/Dp ;YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aXh**hYšJ/ E'b&  8P!šJ/Db|>YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atlyh**h?YJ/ E'b&  8P!J/Db|?YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -Fh**h@Y#gK/ E'b&  8P!#gK/D%c8 @YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hAYx K/ E'b&  8P!x K/D%c8 AYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ac2-h**hBY / E'b&  8P! /D ,BYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hCYg/ E'b&  8P!g/D ,CYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &avh**hDY/ E'b&  8P!/D:dDYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &avh**hEY^/ E'b&  8P!^/D:dEYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a?h**hFY/ E'b&  8P!/D FYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a?h**hGYH/ E'b&  8P!H/D GYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xHYAZ/ E'b&  8P!!jAZ/DdlHYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0fffbd87-eaf9-4e58-8765-7fdef924c0bb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0fc70bd5-47f3-4571-acbc-01d4ba6f01d6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hIYt/ E'b&  8P!t/D= IYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atlyh**hJY}Հ/ E'b&  8P!}Հ/D= JYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -Fh**hKY/ E'b&  8P!/Dz KYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hLY&/ E'b&  8P!&/Dz LYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a72-h**hMY0 E'b&  8P!0DMYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hNYF 0 E'b&  8P!F 0DNYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a:h**hOY0 E'b&  8P!0D2f\OYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a:h**hPYE0 E'b&  8P!E0D2f\PYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arh**hQYv+0 E'b&  8P!v+0D5f QYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arh**hRYLb70 E'b&  8P!Lb70D5f RYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xSY%{0 E'b&  8P!!j%{0D SYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 31380861-1a8f-49ee-8e57-2e4975639ad8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4d857583-1c4e-465b-817e-e14c4009b11e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hTY>WϠ0 E'b&  8P!>WϠ0D^fd |TYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a($ah**hUYC۠0 E'b&  8P!C۠0D^fd |UYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hVYV 0 E'b&  8P!V 0D\ VYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atlyh**hWY|x0 E'b&  8P!|x0D\ WYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -Fh**hXY^$50 E'b&  8P!^$50DX XYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hYYC0 E'b&  8P!C0DX YYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a47-h**xZY 0 E'b&  8P!!j 0DgTZYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4836a9eb-3707-4d86-a563-1da1eba724b6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1c54a4c9-39e6-4945-8b3c-230a1455cf92 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h[Yhϥ0 E'b&  8P!hϥ0Dg< $ [YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h\Yܥ0 E'b&  8P!ܥ0Dg< $ \YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h]Y0 E'b&  8P!0D ]YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h^Y0 E'b&  8P!0D ^YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah E'b&  8PjUh0DWh< _YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @  8P!@`+D8XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hXɆq+ E'b&  8P!Ɇq+D+T| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hXr}+ E'b&  8P!r}+D+T| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hX+ E'b&  8P!+D,Th XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh-PowerShell/Operational &8hPrational &ElfChnk_YY_YY(@V*K(P=f?mMF&a**_YUh0 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jUh0DWh< _YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ffb00c7d-34c4-4cc3-8dec-8613c8f3358c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0a935087-4be5-4976-af46-ae417c289424 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **`Y邦0 E'b&  8P9!邦0DXh,`YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **haYL<0 E'b&  8P!L<0DXh,aYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hbY9ڦ0 E'b&  8P!9ڦ0Dh0 bYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hcY(0 E'b&  8P!(0Dh0 cYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hdY{e0 E'b&  8P!{e0D8dYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**heYA0 E'b&  8P!A0Dh  eYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hfY0 E'b&  8P!0D8fYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hgY 0 E'b&  8P! 0Dh  gYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hhYGf11 E'b&  8P!Gf11D"i hYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hiY11 E'b&  8P!11D"i iYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hjYɤX1 E'b&  8P!ɤX1Di jYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hkYX1 E'b&  8P!X1Di kYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hlY8:X1 E'b&  8P!8:X1D7P lYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hmY~GX1 E'b&  8P!~GX1D7P mYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xnYgX1 E'b&  8P!!jgX1DPnYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e25a5a43-8f35-40a0-ab00-fdc8322f2370 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7c45eacd-15c7-4d94-a9d7-b3020b0701b4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**hoYbX1 E'b&  8P!bX1DTjdoYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hpYCX1 E'b&  8P!CX1DTjdpYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hqYؕ9Y1 E'b&  8P!ؕ9Y1Dj qYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hrYEY1 E'b&  8P!EY1Dj rYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hsY:1 E'b&  8P!:1D'k<sYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**htYw&1 E'b&  8P!w&1D'k<tYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**huY# 2 E'b&  8P!# 2Dk$X uYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hvYz 2 E'b&  8P!z 2Dk$X vYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hwY 2 E'b&  8P! 2D0 ,wYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hxYO 2 E'b&  8P!O 2D0 ,xYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xyY&4 2 E'b&  8P!!j&4 2Dl0 yYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 910434c6-1984-4fd2-9a3a-f19a46461d14 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 00643c98-68f6-4da1-8264-ac93d6a5b1a4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hzY 2 E'b&  8P! 2DlxzYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h{Yç 2 E'b&  8P!ç 2Dlx{YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h|YJ 2 E'b&  8P!J 2D@ |YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h}Y6 2 E'b&  8P!6 2D@ }YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h~Y2 E'b&  8P!2D~YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hYs(2 E'b&  8P!s(2DYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY3L2 E'b&  8P!3L2DnH < YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY W2 E'b&  8P! W2DnH < YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hYY2 E'b&  8P!Y2DSYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY Ƹ2 E'b&  8P! Ƹ2DSYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY2 E'b&  8P!2Dn 4YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Coh**hYg 2 E'b&  8P!g 2Dn 4YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aicyh**xYd(u2 E'b&  8P!!jd(u2D& YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e4c132eb-ca2f-4b11-8694-feadc2880ebb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 80fcecb7-f358-41f5-bbc4-dc3da9c840d2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**hYX2 E'b&  8P!X2Dnh @ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hYF2 E'b&  8P!F2Dnh @ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY382 E'b&  8P!382DQ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY#2 E'b&  8P!#2DQ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY\ֽ2 E'b&  8P!\ֽ2Do hYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hYp[2 E'b&  8P!p[2Do hYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xYlhB2 E'b&  8P!!jlhB2D|o YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8f37867e-46b2-4ce4-894b-f489bb11f762 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7dc4b4b6-c6a9-4be3-b235-18a8e0724b77 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hYۅ[2 E'b&  8P!ۅ[2D}olL YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hYqg2 E'b&  8P!qg2D}olL YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hYʾ2 E'b&  8P!ʾ2D@ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hYlԾ2 E'b&  8P!lԾ2D@ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hYe%2 E'b&  8P!e%2Dp YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hYs12 E'b&  8P!s12Dp YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hYEO2 E'b&  8P!EO2D?pL YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hYk]2 E'b&  8P!k]2D?pL YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xYS¿2 E'b&  8P!!jS¿2DzL YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7d2a29d1-a66c-4374-8acb-ba2cc1b848e0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8407cf58-8985-4036-91b7-97dd41dec71a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**hYF2 E'b&  8P!F2D{ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hY22 E'b&  8P!22D{ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hY? 2 E'b&  8P!? 2D&qYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hY{2 E'b&  8P!{2D&qYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xYAv2 E'b&  8P!!jAv2DqYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d19d48fd-7dbb-4862-8cd0-51a88a1ba097 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e1b5a339-227f-43b0-937e-271e23b2d74e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rx**hY2 E'b&  8P!2D< YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arh**hYٛ2 E'b&  8P!ٛ2D< YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hY2 E'b&  8P!2DirDYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hY8\2 E'b&  8P!8\2D T YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hYL2 E'b&  8P!L2DirDYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hY%3 2 E'b&  8P!%3 2D T YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hY&2 E'b&  8P!&2Dqr `YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hY(2 E'b&  8P!(2Dqr `YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hY\J3 E'b&  8P!\J3DEYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hYhJ3 E'b&  8P!hJ3DEYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hYz'r3 E'b&  8P!z'r3DYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hYf3r3 E'b&  8P!f3r3DYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hYߐOr3 E'b&  8P!ߐOr3DYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hYZr3 E'b&  8P!Zr3DYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xYĢr3 E'b&  8P!!jĢr3DrtYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ff68333d-3a69-4012-9239-131d4b25e7cd Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ae2b2a57-46f7-451c-a51f-4064604e7a4f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hYVr3 E'b&  8P!Vr3D YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hY3r3 E'b&  8P!3r3D YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hY\Ns3 E'b&  8P!\Ns3Dt YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hYLZs3 E'b&  8P!LZs3Dt YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hY+-3 E'b&  8P!+-3Du YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**hY93 E'b&  8P!93Du YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY$4 E'b&  8P!$4D*YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY{p%4 E'b&  8P!{p%4D*YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY$#%4 E'b&  8P!$#%4D1 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hYa.%4 E'b&  8P!a.%4D1 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hPj E'b&  8Ps-ji%4D$v YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hXɆq+ E'b&  8P!Ɇq+D+T| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hXr}+ E'b&  8P!r}+D+T| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hX+ E'b&  8P!+D,Th XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh-PowerShell/Operational &8hPrational &ElfChnkYZYZP*>5?(P=f?mMF&a**Yi%4 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!ji%4D$v YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 56f25b58-2592-4d55-b536-67131a12f01b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4a6fdcf2-1fa0-4653-aa55-bc4578e0303a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **Y%4 E'b&  8P9!%4D~$YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **hY%4 E'b&  8P!%4D~$YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hY&4 E'b&  8P!&4D:v L YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hY*&4 E'b&  8P!*&4D:v L YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hY4 E'b&  8P!4Dov8 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hY 4 E'b&  8P! 4Dov8 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hY~4 E'b&  8P!~4Dv,YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hY4 E'b&  8P!4Dv,YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hY4 E'b&  8P!4DvHYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hY4 E'b&  8P!4DvHYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hY!4 E'b&  8P!!4DvXYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hY-+4 E'b&  8P!-+4DvXYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xYƔ4 E'b&  8P!!jƔ4DwX YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7488a4df-af74-40dc-b48a-8c6d7959870a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 753e3f3a-5f16-4bcc-bf0d-0eecdf1cdda9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hY;`4 E'b&  8P!;`4D{, YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hY L4 E'b&  8P! L4D{, YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**hYB4 E'b&  8P!B4Dw$ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hY4 E'b&  8P!4Dw$ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hYz24 E'b&  8P!z24Dx< YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hYc?4 E'b&  8P!c?4Dx< YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xYܣ4 E'b&  8P!!jܣ4D< XYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = aed239c6-6540-4e7c-914f-c4db52e0f7d8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2f56a34d-2e8c-4141-8f67-c5a93640d356 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hYU4 E'b&  8P!U4D( YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hYY4 E'b&  8P!Y4D( YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hY`4 E'b&  8P!`4Dx ,YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hYK4 E'b&  8P!K4Dx ,YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xYGU4 E'b&  8P!!jGU4Dx YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f215b9dc-c21b-4647-931c-0ac2baf337b9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = af990e3d-a839-4e01-944b-6ce83735bd7c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 5 E'b&  8P!>5Dcz(p YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**xY6~5 E'b&  8P!!j6~5D@(\YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = efc72e76-1440-4699-89ed-5cfd2f6cfd26 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 88fdcbbb-97cc-475c-946e-9064f03ddce9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hY5 E'b&  8P!5Dz YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hYˉ5 E'b&  8P!ˉ5Dz YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hY,5 E'b&  8P!,5D YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hYƆ85 E'b&  8P!Ɔ85D YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hY6 E'b&  8P!6D#YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hY"6 E'b&  8P!"6D#YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hY$I;6 E'b&  8P!$I;6D\YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hY4;6 E'b&  8P!4;6D\YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hYA<6 E'b&  8P!A<6D4 $ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hYmW<6 E'b&  8P!mW<6D4 $ YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**xY3<6 E'b&  8P!!j3<6DM4 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 88bfd975-1a36-4351-b788-7d8d87e852e4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4e5ab113-ba52-496e-b729-79b1e27bbb07 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hYJ<6 E'b&  8P!J<6DN| YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hY<6 E'b&  8P!<6DN| YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hY  =6 E'b&  8P!  =6DYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hY=6 E'b&  8P!=6DYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anth**hYG!n6 E'b&  8P!G!n6D| YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hỲ|6 E'b&  8P!̀|6D| YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hY?.6 E'b&  8P!?.6D} YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hY<6 E'b&  8P!<6D} YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hYo6 E'b&  8P!o6D}PYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hY@y~6 E'b&  8P!@y~6D}PYMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hYF6 E'b&  8P!F6Dv`L YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hY6 E'b&  8P!6Dv`L YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xY-6 E'b&  8P!!j-6DG~`YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 90bfe380-86f5-4d89-8007-091dad36907a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a4d69b9c-d10e-42ce-aa75-213319f93a05 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**hYW6 E'b&  8P!W6D< YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hYE6d6 E'b&  8P!E6d6D< YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hYsլ6 E'b&  8P!sլ6DT YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hY6 E'b&  8P!6DT YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hYN6 E'b&  8P!N6D8YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hY6 E'b&  8P!6D8YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**xYA6 E'b&  8P!!jA6Db8(YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b8c5b28e-0370-4adf-87da-8a4c65d0021f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f55a8c21-100f-462f-be93-6bb8597d0884 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hYjo[6 E'b&  8P!jo[6Df$YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hY$[g6 E'b&  8P!$[g6Df$YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hY6 E'b&  8P!6D\@YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hZ6 E'b&  8P!6D\@ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hZYa6 E'b&  8P!Ya6DEhZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hZYm6 E'b&  8P!Ym6DEhZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hZ36 E'b&  8P!36Dkh ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hZz6 E'b&  8P!z6Dkh ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hY+-3 E'b&  8P!jO6D:h ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hY93 E'b&  8P!93Du YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY$4 E'b&  8P!$4D*YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY{p%4 E'b&  8P!{p%4D*YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hY$#%4 E'b&  8P!$#%4D1 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**hYa.%4 E'b&  8P!a.%4D1 YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hPj E'b&  8Ps-ji%4D$v YMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hXɆq+ E'b&  8P!Ɇq+D+T| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hXr}+ E'b&  8P!r}+D+T| XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh**hX+ E'b&  8P!+D,Th XMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ndoh-PowerShell/Operational &8hPrational &ElfChnkZPZZPZx3,(P=f?mMF&a**ZO6 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jO6D:h ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 82d8b166-a235-4168-a276-5911d2ea15f2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 40f91f62-5575-4046-96d3-c60a707264c2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. **Z%6 E'b&  8P9!%6Dd ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **hZ]16 E'b&  8P!]16Dd ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hZL6 E'b&  8P!L6D>@ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h ZK:W6 E'b&  8P!K:W6D>@  ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x Z6 E'b&  8P!!j6Dk@ D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 23217bb8-a9a8-435f-8ae0-79ab3fa4e88c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b576c964-ad5c-476d-9948-7edb3a19974b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h Z~6 E'b&  8P!~6Dj  ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h Zj6 E'b&  8P!j6Dj  ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h Zr;6 E'b&  8P!r;6D| ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hZAE6 E'b&  8P!AE6D0 ,ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hZPG6 E'b&  8P!PG6D| ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hZ-Q6 E'b&  8P!-Q6D0 ,ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hZ56 E'b&  8P!56DtZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hZ6 E'b&  8P!6DtZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**hZ >{7 E'b&  8P! >{7D` ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hZN{7 E'b&  8P!N{7D` ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**hZO f7 E'b&  8P!O f7DHl @ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hZor7 E'b&  8P!or7DHl @ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hZ׍7 E'b&  8P!׍7D 0d ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hZ;7 E'b&  8P!;7D 0d ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xZ7 E'b&  8P!!j7D0 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5534a7a2-9b4c-4a23-9a6b-b959e752e56e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e454e807-8187-4a39-8cab-07fa6b3e737b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hZ'7 E'b&  8P!'7DZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hZV'*7 E'b&  8P!V'*7DZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hZG7 E'b&  8P!G7DӃ ,ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hZp7 E'b&  8P!p7DӃ ,ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hZ .8 E'b&  8P! .8D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hZ.8 E'b&  8P!.8D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h Zjv6V8 E'b&  8P!jv6V8D  ( ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h!Z,bBV8 E'b&  8P!,bBV8D  (!ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h"Z]V8 E'b&  8P!]V8D„ ("ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h#Z|iV8 E'b&  8P!|iV8D„ (#ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x$ZV8 E'b&  8P!!jV8D$ $ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 58adce65-3907-4640-9671-b0fae2b6fe9a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b1d90543-8d9b-40ca-8c57-1067cdc1bed7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h%Z6V8 E'b&  8P!6V8Dl0%ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h&ZV8 E'b&  8P!V8Dl0&ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h'Z^YW8 E'b&  8P!^YW8Da \'ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h(ZbdW8 E'b&  8P!bdW8Da \(ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h)ZC8 E'b&  8P!C8D )ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h*Z?f8 E'b&  8P!?f8D *ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h+Z}28 E'b&  8P!}28D; +ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h,Z8 E'b&  8P!8D; ,ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h-Z R9 E'b&  8P! R9DM-ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h.Z(`9 E'b&  8P!(`9DM.ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**/Z&pz9 E'b&  8P]!j&pz9Dj /ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9dee3a9d-bde1-40ac-bec7-c7b4462a93a7 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-nckdbujm.hwf.ps1 Engine Version = 4.0 Runspace ID = a079ca37-3497-410f-a7a8-b797dc638ea3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. { **h0Zp9 E'b&  8P!p9Dx 0ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aed h**h1Z9 E'b&  8P!9Dx 1ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ableh**x2Z# 9 E'b&  8P!!j# 9DT 2ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 674fd346-3f68-43fb-a3f8-97a9f6c816fc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2dc121dc-0c22-4df7-bd22-6aec58f310dd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h3Z)F09 E'b&  8P!)F09DPD 3ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h4Z1<9 E'b&  8P!1<9DPD 4ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h5ZZ9 E'b&  8P!Z9Dنl 5ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a87eh**h6ZoF9 E'b&  8P!oF9Dنl 6ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**h7Z9 E'b&  8P!9Db0 7ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**h8ZP9 E'b&  8P!P9Db0 8ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aorAh**x9Z9 E'b&  8P!!j9D0 9ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d2a68d64-6ea2-4d86-a925-1e3f71642135 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9edfe43c-7006-4ecc-90dd-e3da05be9a1b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h:Z9 E'b&  8P!9D6:ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h;Za9 E'b&  8P!a9D6;ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hZN9 E'b&  8P!N9D8$ p>ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h?Z}:9 E'b&  8P!}:9D8$ p?ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**x@Z9 E'b&  8P!!j9D$ @ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c31713bd-51c6-4b20-ae3c-383883ea68e4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 999eac54-4793-4800-9a3a-f65dd2c4ca69 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. mex**hAZ&9 E'b&  8P!&9D$ AZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hBZ29 E'b&  8P!29D$ BZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hCZa"9 E'b&  8P!a"9DCZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hDZ¿"9 E'b&  8P!¿"9DDZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hEZSz"9 E'b&  8P!Sz"9D EZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hFZr"9 E'b&  8P!r"9D FZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xGZo W#9 E'b&  8P!!jo W#9DL@ GZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6a546cb2-9875-4eeb-912e-343b725b6b0e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d7d7ab68-41f8-4829-bcb3-0b4318c3ae9a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. mex**hHZ|#9 E'b&  8P!|#9DM HZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hIZ#9 E'b&  8P!#9DM IZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hJZv#9 E'b&  8P!v#9DY JZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hKZ; #9 E'b&  8P!; #9DY KZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xLZ$9 E'b&  8P!!j$9D3 LZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2182c37b-969e-498d-b157-fbc99d04ec85 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 499c800d-66b0-48d1-bce3-1a8cd7d58f91 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hMZ/$9 E'b&  8P!/$9D`MZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arath**hNZ!;$9 E'b&  8P!!;$9D`NZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arath**hOZ$9 E'b&  8P!$9Dx OZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arath**hPZ!1$9 E'b&  8P!!1$9Dx PZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arathnal &n E'b&  8Prational &ElfChnkQZZQZZ`'Uw/Z(=f?mMFY&**XQZ($9 E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!($9D$ LQZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hRZ $9 E'b&  8P! $9D$ LRZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hSZ>$9 E'b&  8P!>$9D  SZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hTZ$9 E'b&  8P!$9D  TZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hUZr9 E'b&  8P!r9D \UZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hVZ0~9 E'b&  8P!0~9D \VZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hWZ 9 E'b&  8P! 9DxWZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hXZm9 E'b&  8P!m9DxXZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**hYZ9 E'b&  8P!9D3 <YZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**hZZ9 E'b&  8P!9D3 <ZZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**@[ZR[9 E'b&  8P!jR[9D [ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Yp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6a3c2821-3225-4c65-ba81-541153429489 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f8ecda6f-e958-4a21-94d7-99fd8e69247d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h\ZOt9 E'b&  8P!Ot9D$ \ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h]Z~9 E'b&  8P!~9D$ ]ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h^ZGt9 E'b&  8P!Gt9D@ ^ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h_Z9 E'b&  8P!9D@ _ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h`ZBj: E'b&  8P!Bj:D6`ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**haZONj: E'b&  8P!ONj:D6aZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hbZ: E'b&  8P!:DA PbZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hcZɕ: E'b&  8P!ɕ:DA PcZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hdZ眲: E'b&  8P!眲:DdZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**heZ: E'b&  8P!:DeZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xfZۓ(: E'b&  8P!!jۓ(:D.fZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ac987b4b-8a1a-4636-b3ac-59691ea4ae92 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a244c8bd-c4be-43bf-85f3-73d53d400ca2 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**hgZr%D: E'b&  8P!r%D:DgZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hhZ0P: E'b&  8P!0P:DhZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hiZ漉: E'b&  8P!漉:DdP iZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hjZ@ȉ: E'b&  8P!@ȉ:DdP jZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hkZ<; E'b&  8P!<;D DkZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hlZ ; E'b&  8P! ;D DlZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hmZN ; E'b&  8P!N ;D mZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hnZƂZ ; E'b&  8P!ƂZ ;D nZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hoZ*; E'b&  8P!*;D |oZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hpZ*; E'b&  8P!*;D |pZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hqZH*; E'b&  8P!H*;D`X qZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hrZT*; E'b&  8P!T*;D`X rZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xsZ*; E'b&  8P!!j*;DX sZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c151d83b-8c62-4274-ad7f-eb5ad662dfb2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0219929e-3f98-4e76-aebf-fbdd22abe2be Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**htZD*; E'b&  8P!D*;DtZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**huZ*; E'b&  8P!*;DuZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hvZG/; E'b&  8P!G/;D+x vZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hwZ //; E'b&  8P! //;D+x wZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hxZs/; E'b&  8P!s/;D-p xZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hyZ/ 0; E'b&  8P!/ 0;D-p yZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**xzZq0; E'b&  8P!!jq0;DWp| zZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2f8be9f5-1c7d-42a3-89af-930889bec103 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7fab1c59-9975-4979-b936-756f6e9b1c17 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**h{ZK0; E'b&  8P!K0;DB, t {ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h|ZY0; E'b&  8P!Y0;DB, t |ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**h}ZA0; E'b&  8P!A0;DN|}ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h~Z0; E'b&  8P!0;DN|~ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xZh~*1; E'b&  8P!!jh~*1;D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3a1f3961-9611-453f-815d-bdad52d53ec6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1e83a3e6-0f6c-4bca-a2e2-35fb772e90e0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hZD1; E'b&  8P!D1;DZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hZP1; E'b&  8P!P1;DZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hZ疪1; E'b&  8P!疪1;Dlh ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZ;1; E'b&  8P!;1;Dlh ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZT1; E'b&  8P!T1;D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZs1; E'b&  8P!s1;D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZ͸1; E'b&  8P!͸1;DXZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZ1; E'b&  8P!1;DXZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZb; E'b&  8P!b;Dv ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZ ; E'b&  8P! ;Dv ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hZ~; E'b&  8P!~;D<, ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hZ'; E'b&  8P!';D<, ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hZ; E'b&  8P!;DA8 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hZ&; E'b&  8P!&;DA8 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**xZ<{; E'b&  8P!!j<{;DZ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b024da4b-a794-4f23-a7f1-1d81c2cca228 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2b33aabc-68d8-4dd1-9c69-629747f52ad4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hZIm; E'b&  8P!Im;D[X ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZȨ; E'b&  8P!Ȩ;D[X ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hZeK ; E'b&  8P!eK ;DP ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hZ܆; E'b&  8P!܆;DP ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hZ״< E'b&  8P!״<D TZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hZ< E'b&  8P!<D TZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hZm< E'b&  8P!m<DtZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hZг< E'b&  8P!г<DtZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hZvЕ< E'b&  8P!vЕ<DHZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hZ}ޕ< E'b&  8P!}ޕ<DHZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**xZkH< E'b&  8P!!jkH<Dє ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b0381d1b-3f08-42c8-8442-114889e7338c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8141c3fa-9413-4f73-bd36-08fedb1871b4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**hZc< E'b&  8P!c<DҔ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hZEo< E'b&  8P!Eo<DҔ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hZՖ< E'b&  8P!Ֆ<D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hZČ< E'b&  8P!Č<D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hZÅ5= E'b&  8P!Å5=DL ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hZs5= E'b&  8P!s5=DL ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**hZc8= E'b&  8P!c8=D:@t ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ae9h**hZ8= E'b&  8P!8=D:@t ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUh**hZA= E'b&  8P!A=D;`ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZݽA= E'b&  8P!ݽA=D;`ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZA= E'b&  8P!A=D4ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZTB= E'b&  8P!TB=D4ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**xZoB= E'b&  8P!!joB=DpZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Y@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9a9a6fe2-ade7-4c54-afbf-a09dab466caa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a0a6605b-edd0-441d-8866-a1314151cc0f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. OUx**hZ6B= E'b&  8P!6B=D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZB= E'b&  8P!B=D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZ|GC= E'b&  8P!|GC=DKT $ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZSC= E'b&  8P!SC=DKT $ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &hicrosoft-Win E'b&  8PwerShell/Operational &arathnal &n E'b&  8Prational &ElfChnkZZZZxJ(L =f?mMF &**XZ>uC= E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!>uC=D(xZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hZC= E'b&  8P!C=D(xZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**@ZC= E'b&  8P!jC=D{xDZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?L oData= ContextInfo A'L =UserData A%L =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2499c4c7-2f6b-46bc-a80a-596db3ef10c0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 473d99db-ed57-4beb-bd14-41dd8edf59ce Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hZ D= E'b&  8P! D=D| X ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**hZYD= E'b&  8P!YD=D| X ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hZ-4D= E'b&  8P!-4D=D8x ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hZv@D= E'b&  8P!v@D=D8x ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**xZeD= E'b&  8P!!jeD=Dx ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f39b6cad-7b97-43ac-bfa8-5691bf31cc7a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0fccc09d-793a-44bf-a5c6-3a0456abb8e8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. kKE= E'b&  8P!>kKE=DrdZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hZBL= E'b&  8P!BL=DL ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hZ+NL= E'b&  8P!+NL=DL ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hZU= E'b&  8P!U=Dt  ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hZ,W`= E'b&  8P!,W`=Dt  ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hZN= E'b&  8P!N=D8 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hZZ= E'b&  8P!Z=D8 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rsh**hZw= E'b&  8P!w=D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hZF˅= E'b&  8P!F˅=D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**xZ:= E'b&  8P!!j:=D" ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f4486963-9043-4d02-b4b0-92b5719d8179 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 17a4b9d0-0dbf-4e10-bfae-39c39e81c283 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 4-x**hZF = E'b&  8P!F =D# ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**hZ~2= E'b&  8P!~2=D# ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**hZ_z= E'b&  8P!_z=D)@ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hZ v= E'b&  8P! v=D)@ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hZ&> E'b&  8P!&>DA`ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hZW@2> E'b&  8P!W@2>DA`ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hZZ> E'b&  8P!Z>D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hZ,> E'b&  8P!,>D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hZ E'b&  8P!Ddd ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hZW> E'b&  8P!W>Ddd ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nth**xZuĩ> E'b&  8P!!juĩ>Dd ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 88df3e0f-7dc9-4973-b42f-bef6ad17acbb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 76a94e66-83fe-4ded-b87d-17777354c059 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hZ~ߩ> E'b&  8P!~ߩ>D80 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hZC> E'b&  8P!C>D80 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**hZoM> E'b&  8P!oM>D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hZ@0Y> E'b&  8P!@0Y>D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hZM? E'b&  8P!M?DK ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hZ}N? E'b&  8P!}N?DK ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rsh**hZUnQ? E'b&  8P!UnQ?D[ PZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZ:ZQ? E'b&  8P!:ZQ?D[ PZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**hZd^? E'b&  8P!d^?D' ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hZ!^? E'b&  8P!!^?D' ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**Z+(7^? E'b&  8P]!j+(7^?D- ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f8451083-ac3e-4769-95a5-f7d90d68e9a7 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-duttjf1q.qwt.ps1 Engine Version = 4.0 Runspace ID = 9a50718c-4336-4b8a-a74e-cf1026eff770 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rorA**hZCDB^? E'b&  8P!CDB^?DD< ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acAh**hZ0N^? E'b&  8P!0N^?DD< ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**xZO)^? E'b&  8P!!jO)^?DDZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a12e8b52-9e0d-4720-9207-16582fa11ccd Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 37b2cbfb-9e7a-450f-96aa-1b365b286c13 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hZQl^? E'b&  8P!Ql^?DhZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hZ.X^? E'b&  8P!.X^?DhZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hZX0a? E'b&  8P!X0a?D  ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hZ;a? E'b&  8P!;a?D  ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hZSa? E'b&  8P!Sa?D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hZ_a? E'b&  8P!_a?D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xZqa? E'b&  8P!!jqa?D6 < ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d36ac2fb-4b72-4f48-8fe5-6ce8a9f991ae Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 21e843fa-2f4b-46c7-82d9-071bcfca84f8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. mex**hZ,rl? E'b&  8P!,rl?D7 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**hZ\l? E'b&  8P!\l?D7 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hZ#w? E'b&  8P!#w?D[@ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hZx? E'b&  8P!x?D[@ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hZ?x? E'b&  8P!?x?DZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hZd|Kx? E'b&  8P!d|Kx?DZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xZRx? E'b&  8P!!jRx?D: ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cb74cc23-ecb4-441d-b2ed-280c8e5d1aac Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8a80618a-9223-45da-9954-26f8dc683cf7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. cax**hZ'x? E'b&  8P!'x?D4\0 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &worh**hZx? E'b&  8P!x?D4\0 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**hZ? E'b&  8P!?D @ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**hZBĄ? E'b&  8P!BĄ?D @ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**hZ? E'b&  8P!?DSZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**hZlM? E'b&  8P!lM?DSZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**xZX? E'b&  8P!!jX?DҢ|ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c92c0aea-5ef8-4725-83a0-b2a42b4cd03f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8ffd20be-0b98-46c3-9233-f39ca14fddc3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hZ6z? E'b&  8P!6z?D@ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & 4.h**hZx? E'b&  8P!x?D@ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ferh**hZ:? E'b&  8P!:?D#ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &trih**hZ&? E'b&  8P!&?D#ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etAh**xZ? E'b&  8P!!j?D| ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = da250158-954a-4ae2-b6c9-6c4383c27041 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e04632bb-ceea-40c5-9bec-401013982f4b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. atxnal &n E'b&  8Prational &ElfChnkZS[ZS[(oj'(,=f?mMF&**XZ*? E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!*?D8 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hZp6? E'b&  8P!p6?D8 ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hZ$? E'b&  8P!$?D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hZC? E'b&  8P!C?D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**hZƩ? E'b&  8P!Ʃ?D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**hZeª? E'b&  8P!eª?D ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Rh**hZп? E'b&  8P!п?D@ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r =h**hZΆ? E'b&  8P!Ά?D@ ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &resh**hZڈ$@ E'b&  8P!ڈ$@DW ZMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & }h**h[v$@ E'b&  8P!v$@DW [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**h[\d7@ E'b&  8P!\d7@DT[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s Wh**h[P7@ E'b&  8P!P7@DT[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &s }h**h[7@ E'b&  8P!7@Dt[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Comh**h[7@ E'b&  8P!7@Dt[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ft.h**@[q8@ E'b&  8P!jq8@Dtx[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?,oData= ContextInfo A',=UserData A%,=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 60d350ef-a218-41e1-805c-e5614f1a84e2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4bde5ef6-7804-4c61-9354-cc16f9ee86e8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. r@**h[$8@ E'b&  8P!$8@D[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h[q8@ E'b&  8P!q8@D[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h[|8@ E'b&  8P!|8@D9 [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h [=9@ E'b&  8P!=9@D9  [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h [dZ@ E'b&  8P!dZ@D0 [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h [e@ E'b&  8P!e@D0 [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h [k@ E'b&  8P!k@D [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h [1{@ E'b&  8P!1{@D [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h[0@ E'b&  8P!0@D\ [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**h['@ E'b&  8P!'@D\ [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**x[B/@ E'b&  8P!!jB/@Dҧ\[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c2fa4e6c-423c-465c-b4f3-7cd7e83ccbc5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 00ddb792-7295-499f-be5a-0cb5115b1ce7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**h[KH@ E'b&  8P!KH@Dt \ [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h[T@ E'b&  8P!T@Dt \ [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h[s@ E'b&  8P!s@D< ,[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h[%@ E'b&  8P!%@D< ,[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h[e@ E'b&  8P!e@DB [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**h[p@ E'b&  8P!p@DB [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h[uܾ@ E'b&  8P!uܾ@D- [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h[3@ E'b&  8P!3@D- [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h** [@ E'b&  8P !j@D. [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational "p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 57735716-1326-4cc8-afdf-1d972903ef2f Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" $modules = Get-InstalledModule -ErrorAction SilentlyContinue if ($modules) { foreach ($mod in $modules) { [PSCustomObject]@{ Name = $mod.Name Version = $mod.Version.ToString() Repository = $mod.Repository Author = $mod.Author } | ConvertTo-Json -Compress Write-Output "---SEPARATOR---" } } } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = 173a689c-862a-44e5-a105-f3915ca03ebf Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-InstalledModule' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException oso **h[@ E'b&  8P!@D: [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h[@ E'b&  8P!@D: [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h[{A E'b&  8P!{ADH T [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h[{A E'b&  8P!{ADH T [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**h[A E'b&  8P!AD0 P [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &toph**h[A E'b&  8P!AD0 P [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceMh**h [n6A E'b&  8P!n6ADl [Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nteh**h![DA E'b&  8P!DADl ![Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-00h**x"[A E'b&  8P!!jADl"[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e9ae7189-11f2-47df-9427-6f39fb272298 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d1d56884-e429-463f-9561-ad5b960f6e5e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sox**h#[|5؈A E'b&  8P!|5؈AD #[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h$[nA E'b&  8P!nAD $[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h%[wMA E'b&  8P!wMAD %[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h&[~A E'b&  8P!~AD &[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h'[)A E'b&  8P!)AD'[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**h([8A E'b&  8P!8AD([Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hh**x)[ A E'b&  8P!!j AD)[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 188ac688-bcb3-4874-b0a3-d7d209d2ac6d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1e40c2bd-d77a-4139-8c65-5436e10dbc10 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. cax**h*[<ɕA E'b&  8P!<ɕADr0 *[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &worh**h+[ՕA E'b&  8P!ՕADr0 +[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**h,[A E'b&  8P!AD,[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**h-[דA E'b&  8P!דAD-[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**x.[dA E'b&  8P!!jdAD.[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 08be42e8-f8e7-4b95-997d-7862d6546a63 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cf00a349-2fa0-42e8-91ba-c6bccf04b013 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tAx**h/[~A E'b&  8P!~ADGx/[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &'00h**h0[gA E'b&  8P!gADGx0[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & cah**h1[YA E'b&  8P!YAD $1[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &worh**h2[A E'b&  8P!ADR 2[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**h3[0yA E'b&  8P!0yAD $3[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**h4[ A E'b&  8P! ADR 4[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**h5["A E'b&  8P!"ADɫ\ 5[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**h6[b0A E'b&  8P!b0ADɫ\ 6[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h7[`7B E'b&  8P!`7BD9d 7[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h8[AB E'b&  8P!ABD9d 8[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h9[HB E'b&  8P!HBD 9[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h:[HB E'b&  8P!HBD :[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h;[կ*HB E'b&  8P!կ*HBD,D;[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h<[6HB E'b&  8P!6HBD,D<[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**x=[3HB E'b&  8P!!j3HBDqD=[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0b950800-ca2d-4bf2-b0ae-5065d74b1013 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f6ef417f-97b9-40c2-878d-c8ee442101b3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h>[fHB E'b&  8P!fHBDI >[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h?[HB E'b&  8P!HBDI ?[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h@[1.IB E'b&  8P!1.IBD(@[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hA[}:IB E'b&  8P!}:IBD(A[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hB[;B E'b&  8P!;BD,\ B[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hC[$AB E'b&  8P!$ABD,\ C[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hD[B E'b&  8P!BD p D[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &2b4h**hE[JiB E'b&  8P!JiBD p E[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hF[B E'b&  8P!BD< tF[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hG[B E'b&  8P!BD< tG[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &orAh**xH[PpB E'b&  8P!!jPpBDO< $H[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9c3316a9-60d2-41d8-8b8b-6c3804032fbb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 331ad058-48a9-4629-ae67-92077bb10ca9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hI[B E'b&  8P!BDS0 I[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &83ch**hJ[B E'b&  8P!BDS0 J[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hK[B E'b&  8P!BDK[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hL[B E'b&  8P!BDL[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &orAh**hM[r~C E'b&  8P!r~CD< M[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acAh**hN[~C E'b&  8P!~CD< N[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**hO[*͛C E'b&  8P!*͛CDnt O[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ed h**hP[C E'b&  8P!CDnt P[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &bleh**hQ[BaC E'b&  8P!BaCDo(Q[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hR[ſmC E'b&  8P!ſmCDo(R[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hS[|ӦC E'b&  8P!|ӦCDp S[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h E'b&  8Prational &ElfChnkT[[T[[Py+r( =f?mMF &**XT[C E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!CDp T[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**@U[C E'b&  8P!jCDp  U[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A? oData= ContextInfo A' =UserData A% =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 665c2cbf-7a92-467c-b5b7-62e47b343aa3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6714a320-e555-464b-863c-8454b225b812 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hV[FC E'b&  8P!FCD XV[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hW[\QC E'b&  8P!\QCD XW[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &o h**hX[0'C E'b&  8P!0'CDX[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &1e1h**hY[ ?3C E'b&  8P! ?3CDY[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &if h**hZ[uQC E'b&  8P!uQCDlZ[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h[[]C E'b&  8P!]CDl[[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**x\['m©C E'b&  8P!!j'm©CD \[Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a53b6497-05df-4588-acf6-6db27bfec51d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f8779bf4-5e6e-46e5-ae7e-7b0ef5475eac Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. SI E'b&  8P!Y>SID| (\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &afL E'b&  8P!:w>LDjD8 9\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h:\bJL E'b&  8P!bJLDjD8 :\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h;\)L E'b&  8P!)LDk;\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h<\hL E'b&  8P!hLDk<\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**x=\A}L E'b&  8P!!jA}LD/=\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8273ff89-6f88-46fc-9f9b-357769afb37b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9d09c7e7-44e5-4b72-a509-eb9936d77d5c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. twx**h>\L E'b&  8P!LD$ >\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**h?\zz!L E'b&  8P!zz!LD$ ?\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**h@\Ꮢ&L E'b&  8P!Ꮢ&LD0x l@\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hA\晠&L E'b&  8P!晠&LD0x lA\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hB\= &L E'b&  8P!= &LDS, B\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hC\B&L E'b&  8P!B&LDS, C\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xD\yi0'L E'b&  8P!!jyi0'LD,D\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e741c379-c441-4875-b052-de65b46dc2ac Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2be9b643-b250-4193-9c4d-e7bd1ff585b1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. erx**hE\KS'L E'b&  8P!KS'LDPh E\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**hF\ga'L E'b&  8P!ga'LDPh F\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**hG\{'L E'b&  8P!{'LDG\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**hH\]'L E'b&  8P!]'LDH\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**xI\'L E'b&  8P!!j'LD I\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7a784535-b4dd-4a3d-8298-127554828874 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 42e49ba0-47fc-455e-bd30-41500fc67ec8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. elx Error Mes E'b&  8Prational &ElfChnkJ\\J\\xIG,(,=f?mMF&**XJ\h(L E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!h(LDtJ\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hK\u(L E'b&  8P!u(LDtK\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hL\ySc(L E'b&  8P!ySc(LD. L\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hM\Uq(L E'b&  8P!Uq(LD. M\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hN\x(L E'b&  8P!x(LD/4N\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hO\S(L E'b&  8P!S(LD/4O\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hP\(L E'b&  8P!(LD]| P\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hQ\(L E'b&  8P!(LD]| Q\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**hR\/L E'b&  8P!/LDl X R\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Conh**hS\kN E'b&  8P!?>ND\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**h\\@N E'b&  8P!\@ND\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**h\,N E'b&  8P!,ND\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**h\c14O E'b&  8P!c14OD< \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**h\[@O E'b&  8P![@OD< \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hPrational &ElfChnk\\\\`A^eNV(=f?mMF &**X\dU?O E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!dU?ODo\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h\1AKO E'b&  8P!1AKODo\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h\gO E'b&  8P!gOD+ $ \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h\/tO E'b&  8P!/tOD+ $ \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**@\vݮO E'b&  8P!jvݮOD l\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 82438f78-8b10-4468-a751-c774ba7f5c31 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0a8db7fd-839b-49ce-9a3e-53f8e9b29cf4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. a@**h\C;O E'b&  8P!C;OD \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &if h**h\$'O E'b&  8P!$'OD \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**h\~lO E'b&  8P!~lOD 0\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceh**h\jxO E'b&  8P!jxOD 0\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h\2JP E'b&  8P!2JPDT ,\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**h\XJP E'b&  8P!XJPDT ,\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h\zTP E'b&  8P!zTPD( \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**h\,TP E'b&  8P!,TPD( \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**h\u4TP E'b&  8P!u4TPDx8 \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**h\+ TP E'b&  8P!+ TPDx8 \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**x\+gZUP E'b&  8P!!j+gZUPD x \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 96989bee-8398-4525-8ca2-d0a4e59f7f3e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6999c981-7d34-4ad3-bf1e-2f5f77eefcf7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8-x**h\UP E'b&  8P!UPDh0p \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**h\昍UP E'b&  8P!昍UPDh0p \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**h\+4VP E'b&  8P!+4VPD6 (\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h\4@VP E'b&  8P!4@VPD6 (\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h\R_VP E'b&  8P!R_VPDY  \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h\lVP E'b&  8P!lVPDY  \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**x\UUVP E'b&  8P!!jUUVPDc  \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e33d8a0f-8f64-42eb-ba31-6d2918caa7c4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3e3cc84f-17a1-4b2a-a217-067049852253 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nXP E'b&  8P!>nXPD !\ \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h\QXP E'b&  8P!QXPD ! T\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &em h**h\ XP E'b&  8P! XPD ! T\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\~)XP E'b&  8P!~)XPD`@ \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\6XP E'b&  8P!6XPD`@ \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\P E'b&  8P!PDY!t \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\4P E'b&  8P!4PDY!t \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\Ӆ9 Q E'b&  8P!Ӆ9 QD!` \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\UF Q E'b&  8P!UF QD!` \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\bc Q E'b&  8P!bc QD P\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &cath**h\Kq Q E'b&  8P!Kq QD P\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sih**x\m Q E'b&  8P!!jm QD \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ace8cb14-b6a7-466b-a33a-a8db2c3d460f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f99a2512-a980-4103-811d-3b6092169c21 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**h\ Q E'b&  8P! QD \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\ Q E'b&  8P! QD \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\Ac Q E'b&  8P!Ac QD!`,\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\o Q E'b&  8P!o QD!`,\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah**h\Q E'b&  8P!QD $\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &cath**h\PQ E'b&  8P!PQD $\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sih**h\pQ E'b&  8P!pQD \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**h\*Q E'b&  8P!*QD \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Selh**h\ |1Q E'b&  8P! |1QD\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h\=Q E'b&  8P!=QD\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d Gh**x\Q E'b&  8P!!jQD! \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b3c8511d-566f-4cde-904a-9ed9b1e56e93 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 684902e2-3b56-4f92-b2dc-71f61a34d61d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**h\H¼Q E'b&  8P!H¼QD%$ \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &cath**h\ͼQ E'b&  8P!ͼQD%$ \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sih**h\:/Q E'b&  8P!:/QD"hP \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**h\&;Q E'b&  8P!&;QD"hP \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Selh**h\MR E'b&  8P!MRD# p\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h\MR E'b&  8P!MRD# p\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d Gh**h\P?cR E'b&  8P!P?cRD\# t \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-anh**h\\McR E'b&  8P!\McRD\# t \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &y -h**h\I lR E'b&  8P!I lRD]#0 \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h\lR E'b&  8P!lRD]#0 \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h\SGOlR E'b&  8P!SGOlRDa# \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h\3[lR E'b&  8P!3[lRDa# \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x\lR E'b&  8P!!jlRD  \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f5fd5a11-5639-40bc-bce8-ccd72dd7e6b9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d1b2e025-77f7-419a-aefb-409fe6d2a9a6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**h\lR E'b&  8P!lRD0\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h\.lR E'b&  8P!.lRD0\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h\(nR E'b&  8P!(nRD# \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h\nR E'b&  8P!nRD# \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h\9nR E'b&  8P!9nRD \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h\ oR E'b&  8P! oRD \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x\|qoR E'b&  8P!!j|qoRD$ t\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1741ef10-567d-4b7a-9e25-135aa5f6b2e5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1275e207-a173-402c-a7fb-dff1eee00203 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**h\oR E'b&  8P!oRD$0\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &cath**h\xoR E'b&  8P!xoRD$0\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sih**h\eoR E'b&  8P!eoRD$ L \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**h\'oR E'b&  8P!'oRD$ L \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Selh**x\"pR E'b&  8P!!j"pRD 0\Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b86cf44c-3572-4fea-a4cc-fb0bc433f9b4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 346f6d31-accf-435b-8f75-1b8468ef540e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. nax**h\n=pR E'b&  8P!n=pRD8 \Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah&8hPrational &ElfChnk\J]\J]`XO(=f?mMF&**X\8U E'b&  8P!u>UD,@ 8]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h9]>U E'b&  8P!>UD,@ 9]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**x:]Yd>U E'b&  8P!!jYd>UD :]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 524e2e9c-5ccf-4284-ba8c-a5156d21643f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b94283e8-8d74-43ae-bd94-f6013d341d4a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h;] ]>U E'b&  8P! ]>UD,;]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h<]>U E'b&  8P!>UD,<]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h=]$ ?U E'b&  8P!$ ?UD-d=]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h>]?U E'b&  8P!?UD-d>]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h?]U E'b&  8P!UD- ?]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h@]{U E'b&  8P!{UD- @]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hA]U E'b&  8P!UDA]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hB]KU E'b&  8P!KUDB]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hC]U E'b&  8P!UD9.\ C]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hD]zU E'b&  8P!zUD9.\ D]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**xE]þRU E'b&  8P!!jþRUD. E]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 88765157-6300-450f-b45b-ecb989df1fa6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f1c9cd21-126f-41b4-8d15-086df36ec84f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hF]kU E'b&  8P!kUD8$ P F]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hG]uU E'b&  8P!uUD8$ P G]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hH]U E'b&  8P!UD H]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hI]U E'b&  8P!UD I]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hJ]8~V E'b&  8P!8~VDk J]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah&8hPrational &ElfChnkK]]K]]~XK O3(T=f?mMF!&**XK]`g~V E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!`g~VDk K]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hL]ؓV E'b&  8P!ؓVD/ L]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hM]sV E'b&  8P!sVD/ M]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hN]!V E'b&  8P!!VD/N]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hO] V E'b&  8P! VD/O]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hP]$+V E'b&  8P!$+VD/ P]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Verh**hQ]7V E'b&  8P!7VD/ Q]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**@R]"V E'b&  8P!j"VDn0 R]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !p;)(A?ToData= ContextInfo A'T=UserData A%T=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 77fec406-c60a-4d0e-a4a2-e7592de8a726 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b7d0c06a-10f9-4664-ba73-200009dd4268 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**hS]p˝V E'b&  8P!p˝VDr0 $ S]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**hT]\םV E'b&  8P!\םVDr0 $ T]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**hU]V E'b&  8P!VD0h U]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**hV]wV E'b&  8P!wVD0h V]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**hW]8V E'b&  8P!8VDJW]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**hX]FV E'b&  8P!FVDJX]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Sh**xY]V E'b&  8P!!jVD1tY]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 907126fe-4bd9-42d5-b3c5-401531ae0a39 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4b9d09cb-bdbe-46ef-bf43-937e1337040a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 6-x**hZ]QΟV E'b&  8P!QΟVD 1L Z]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**h[]N`؟V E'b&  8P!N`؟VD 1L []Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**h\]*V E'b&  8P!*VD1 $ \]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h]]V E'b&  8P!VD1 $ ]]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**x^]CaV E'b&  8P!!jCaVD 8^]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 16727789-1fac-4728-bcab-6969bfcef6ef Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 20e7741c-7a35-4029-bfb0-9d896e8e8b8e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. =X E'b&  8P!>=XDS4\w]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &inh**xx]X E'b&  8P!!jXD48 x]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a38d9727-704d-4b68-b06a-74e739bdc015 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6ae26a4f-117d-4d52-aef2-61fb8b5ae612 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hy] X E'b&  8P! XD/ y]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hz]\X E'b&  8P!\XD/ z]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**h{]LX E'b&  8P!LXDq5${]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h|]%X E'b&  8P!%XDq5$|]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h}]X E'b&  8P!XD  }]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h~]8X E'b&  8P!8XD  ~]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h]=X E'b&  8P!=XD6X\ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h]kJX E'b&  8P!kJXD6X\ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h]BX E'b&  8P!BXDkT ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h]ͮX E'b&  8P!ͮXDkT ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h]c1X E'b&  8P!c1XDr ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h]?X E'b&  8P!?XDr ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**h]zX E'b&  8P!zXD$6]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h]V>X E'b&  8P!V>XD$6]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**x]sX E'b&  8P!!jsXD6]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 46a2fea0-f4a6-48be-bf3c-b4d4a829f8e3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f36097d5-1234-4eae-8f4c-bf5dca20b73b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**h]X E'b&  8P!XD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &y -h**h]'X E'b&  8P!'XD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h]`@X E'b&  8P!`@XD6 \]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h]+X E'b&  8P!+XD6 \]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h]M4ڷX E'b&  8P!M4ڷXD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h]X E'b&  8P!XD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x]GX E'b&  8P!!jGXD]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5bb94dce-beff-46d2-9ef0-d35d29878859 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0ebfe488-2936-4dbc-92bc-d942231d37be Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h]'aX E'b&  8P!'aXD$]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h]mX E'b&  8P!mXD$]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h]?иX E'b&  8P!?иXDu7]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h]ܸX E'b&  8P!ܸXDu7]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**h]t`X E'b&  8P!t`XD7<h ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**h]ĹX E'b&  8P!ĹXD$]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h]̹X E'b&  8P!̹XD7<h ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h]йX E'b&  8P!йXD$]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h]X E'b&  8P!XD7 l ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h]CX E'b&  8P!CXD7 l ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**x]?iX E'b&  8P!!j?iXD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 59d8f53e-7a71-49e0-9564-347c0a71b7ec Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1ebd11f0-9b8a-4db9-8c82-2f365e7b676a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h]EX E'b&  8P!EXD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**h]Y1X E'b&  8P!Y1XD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**h]X E'b&  8P!XDd]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**h]nX E'b&  8P!nXDd]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach E E'b&  8Pf1jXD8 ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@pt Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. anx**hF]kU E'b&  8P!kUD8$ P F]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hG]uU E'b&  8P!uUD8$ P G]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hH]U E'b&  8P!UD H]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hI]U E'b&  8P!UD I]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hJ]8~V E'b&  8P!8~VDk J]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah&8hPrational &ElfChnk]]]]aߴ NF(P=f?mMF&a**]X E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jXD8 ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6a6fffab-f4b8-40bb-8f85-2d3bcb22bf1f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 41f5600b-cfc4-4f29-8105-7b2e428d3eb9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIn**]5X E'b&  8P9!5XD84]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(= **h]AX E'b&  8P!AXD84]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h] X E'b&  8P! XDH8p ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h]dX E'b&  8P!dXDH8p ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h]˻X E'b&  8P!˻XDW80h ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h]ػX E'b&  8P!ػXDW80h ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h]'dX E'b&  8P!'dXDoX ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h]%X E'b&  8P!%XDoX ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h]IY E'b&  8P!IYD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h]1IY E'b&  8P!1IYD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h] lY E'b&  8P! lYD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h]lY E'b&  8P!lYD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h]lY E'b&  8P!lYD\, ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSh**h]mY E'b&  8P!mYD\, ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x]ߏkmY E'b&  8P!!jߏkmYD9\]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a58ad5bb-331d-4e61-afb7-8f7a2d606e5d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e32f9c03-bc6c-428d-b19c-5d84cb6e949e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h]BmY E'b&  8P!BmYD) ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h]MmY E'b&  8P!MmYD) ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h]zmY E'b&  8P!zmYD4@ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h]znY E'b&  8P!znYD4@ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h]嘧Y E'b&  8P!嘧YD\]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h]5Y E'b&  8P!5YD\]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h]ɟZ E'b&  8P!ɟZD, t$]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h]Z E'b&  8P!ZD, t$]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h]6Z E'b&  8P!6ZDS;l ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h]|~Z E'b&  8P!|~ZDS;l ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**x]aJB Z E'b&  8P!!jaJB ZD;|]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a0f2e76d-99be-4fd4-a091-653d5657bde5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 262eeeb4-9fec-4300-b5c5-324ac76c9149 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. QZ E'b&  8P!>QZD- ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h]]Z E'b&  8P!]ZD- ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h]CmZ E'b&  8P!CmZD< <]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h]xZ E'b&  8P!xZD< <]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h]~Z E'b&  8P!~ZD=,]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ainh**h]Z E'b&  8P!ZD=,]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x]MZ E'b&  8P!!jMZD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a7b67775-81e4-4f5d-b11a-611e48656445 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 21161b64-a910-4d20-bb66-e51279fb7c87 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**h]Z E'b&  8P!ZD $]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h]D'Z E'b&  8P!D'ZD $]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h]PZ E'b&  8P!PZDB ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h];Z E'b&  8P!;ZDB ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h]OKbZ E'b&  8P!OKbZD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h]qZ E'b&  8P!qZD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h]Z E'b&  8P!ZD \]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h]Z E'b&  8P!ZD \]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h]0Z E'b&  8P!0ZD= D]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h]  ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fc50925e-e15e-45ca-84a0-7306b21dc7a6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f3d7e1a6-dbf6-4f36-a812-a6a3236d9499 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**h]aZ E'b&  8P!aZDh> ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h]nZ E'b&  8P!nZDh> ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h]'Z E'b&  8P!'ZDs>t ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aanh**h]3MZ E'b&  8P!3MZDs>t ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ay -h**x]Z E'b&  8P!!jZDft ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7fff2f36-5996-4cd3-9eeb-dda14aab8c92 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a4b59fdc-d764-4370-8c17-f496badeec05 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**h]Z E'b&  8P!ZDhT ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h]Z E'b&  8P!ZDhT ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h])4Z E'b&  8P!)4ZDi\ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h]@Z E'b&  8P!@ZDi\ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h]SZ E'b&  8P!SZD?H ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**h],bZ E'b&  8P!,bZD?H ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h]l@Z E'b&  8P!l@ZD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h]5,Z E'b&  8P!5,ZD ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h]$Eb[ E'b&  8P!$Eb[D T]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h]͑Rb[ E'b&  8P!͑Rb[D T]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h]r[ E'b&  8P!r[DPL h]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h]Μ[ E'b&  8P!Μ[DPL h]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h]H"[ E'b&  8P!H"[D@ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h] ć[ E'b&  8P! ć[D@ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x]hJ,[ E'b&  8P!!jhJ,[D0 ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 39c5f6e2-3349-46c6-bfa0-9a0ccfe2d603 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 39f3f567-d8a6-4b8f-ac47-96b40757ed83 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**h]IG[ E'b&  8P!IG[DZ@ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**h]ܯS[ E'b&  8P!ܯS[DZ@ ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h]"Ѷ[ E'b&  8P!"Ѷ[DA]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h]ܼˆ[ E'b&  8P!ܼˆ[DA]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h]\ E'b&  8P!\D?At]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h]{#\ E'b&  8P!{#\D?At]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h] a:\ E'b&  8P! a:\D T ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aanh**h]m:\ E'b&  8P!m:\D T ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h]:\ E'b&  8P!:\DA|]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h]x:\ E'b&  8P!x:\DA|]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hI]U E'b&  8P!jn;\DB|]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*hJ]8~V E'b&  8P!8~VDk J]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8hP! E'b&  8Ps-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onah&8hPrational &ElfChnk]A^]A^xdcU(P=f?mMF&a**]n;\ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jn;\DB|]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9f1c2c42-3c5c-41b6-afa1-be766b0712ba Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c90ff986-e048-4e46-a0be-86199c6fff4e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIn**]*h;\ E'b&  8P9!*h;\D <]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c(= **h]T+;\ E'b&  8P!T+;\D <]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h]);\ E'b&  8P!);\Dm < ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h] ܦ;\ E'b&  8P! ܦ;\Dm < ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h]\ E'b&  8P!\D@Bt ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h] \ E'b&  8P! \D@Bt ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h]<\ E'b&  8P!<\DB ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h]MR \ E'b&  8P!MR \DB ]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h]\ E'b&  8P!\DB<]Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h^K\ E'b&  8P!K\DB<^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h^T \ E'b&  8P!T \DBLt^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h^i\\ E'b&  8P!i\\DBLt^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**x^M\ E'b&  8P!!jM\DHCL<^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3cee7363-43e4-4cd2-9708-5876b0eb8f62 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 58d86066-dd14-465a-b5b5-964fa120d877 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h^'ذ\ E'b&  8P!'ذ\DIC < ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h^ü\ E'b&  8P!ü\DIC < ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**h^Z(\ E'b&  8P!Z(\D}C^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**h^;4\ E'b&  8P!;4\D}C^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**^@J\ E'b&  8P]!j@J\D^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5334b202-1576-45e9-bda8-fdf51d9e9f71 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-caxko23f.zbk.ps1 Engine Version = 4.0 Runspace ID = 46e05f36-07ad-4e22-921e-e27d5cf45d58 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ft-W**h ^U\ E'b&  8P!U\D ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h ^wa\ E'b&  8P!wa\D ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**x ^\ E'b&  8P!!j\DC ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = af7e7e23-6396-40d5-8f4c-052ad9b7afa2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8c609512-2d21-4786-a42e-6bcbfed31ce9 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. mex**h ^P\ E'b&  8P!P\DC ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**h ^7<\ E'b&  8P!7<\DC ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h^,\ E'b&  8P!,\D <^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h^O\ E'b&  8P!O\D <^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h^(\ E'b&  8P!(\D ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h^\ E'b&  8P!\D ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**x^d\ E'b&  8P!!jd\D\D ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 47c0cbbf-2a18-44d7-a717-b830d7744730 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4cc2f041-927e-4361-bea9-f87a429d0321 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tAx**h^@>\ E'b&  8P!@>\DWX^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**h^J\ E'b&  8P!J\DWX^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**h^\ ] E'b&  8P!\ ]DZ(  ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**h^H ] E'b&  8P!H ]DZ(  ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**h^ ] E'b&  8P! ]Dat^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**h^}+ ] E'b&  8P!}+ ]Dat^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**x^( ] E'b&  8P!!j( ]D^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9251a94f-f077-420c-b7a2-ea1c3975c48e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 57291122-1166-460e-8660-3247935da3af Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tAx**h^~ ] E'b&  8P!~ ]D<P^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**h^= ] E'b&  8P!= ]D<P^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**h^] E'b&  8P!]DUd ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**h^0] E'b&  8P!0]DUd ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**h^*] E'b&  8P!*]D\ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**h^$] E'b&  8P!$]D\ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**x ^MN] E'b&  8P!!jMN]DaEt ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a9fe0ffc-c4ff-4dcb-bb8e-a40b92a9a7c0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4d701832-88eb-4ba4-8b31-be20915d8da4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h!^p] E'b&  8P!p]D T !^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a 4.h**h"^|] E'b&  8P!|]D T "^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aferh**h#^v] E'b&  8P!v]DjE, #^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**h$^Sӥ] E'b&  8P!Sӥ]DjE, $^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**x%^ы] E'b&  8P!!jы]D(F,%^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 226b5d60-0792-46dc-9b35-f08c52ba1038 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = de2ac9ac-d3f9-47e7-98ec-fa13c78b1d50 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h&^~] E'b&  8P!~]D%x&^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a 4.h**h'^j)] E'b&  8P!j)]D%x'^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aferh**h(^|] E'b&  8P!|]D (^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**h)^Ԙ] E'b&  8P!Ԙ]D )^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**h*^A] E'b&  8P!A]D=F,*^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**h+^\] E'b&  8P!\]D=F,+^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**h,^] E'b&  8P!]D,^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**h-^w7] E'b&  8P!w7]D-^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**h.^H|] E'b&  8P!H|]DD.^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**h/^4] E'b&  8P!4]DD/^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**h0^LZ] E'b&  8P!LZ]DF L 0^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**h1^E] E'b&  8P!E]DF L 1^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h2^] E'b&  8P!]DF2^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h3^ ] E'b&  8P! ]DF3^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**x4^CO] E'b&  8P!!jCO]DGd4^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d2dcdbd6-9b12-46bf-9c46-998d12042222 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 87b70895-dffc-43b8-a01f-82ff40763dc1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h5^h] E'b&  8P!h]D@5^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a 4.h**h6^wt] E'b&  8P!wt]D@6^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aferh**h7^] E'b&  8P!]DGHH @7^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atrih**h8^[] E'b&  8P![]DGHH @8^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**h9^LQ^ E'b&  8P!LQ^DMH 9^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**h:^OXQ^ E'b&  8P!OXQ^DMH :^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**h;^ty^ E'b&  8P!ty^D< ( ;^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**h<^`y^ E'b&  8P!`y^D< ( <^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**h=^ vy^ E'b&  8P! vy^DH0 h=^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**h>^y^ E'b&  8P!y^DH0 h>^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**x?^'$z^ E'b&  8P!!j'$z^D[I0 $ ?^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5726242f-59e6-4f1d-8a31-82a9268ec7f1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cbdf9bde-a469-4a9e-9d03-1f1fd9278757 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h@^T?z^ E'b&  8P!T?z^D]I @^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hA^@Kz^ E'b&  8P!@Kz^D]I A^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Whdows-PowerSh E'b&  8Prational &ElfChnkB^^B^^(Ύ2(=f?mMF&**XB^Lz^ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!Lz^DJT B^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hC^zz^ E'b&  8P!zz^DJT C^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hD^r_ E'b&  8P!r_D D^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hE^L,_ E'b&  8P!L,_D E^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hF^g$_ E'b&  8P!g$_DPF^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hG^2_ E'b&  8P!2_DPG^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**hH^=*_ E'b&  8P!=*_DJlt H^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**hI^*d*_ E'b&  8P!*d*_DJlt I^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nfih**J^v*_ E'b&  8P'!jv*_D_l8J^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b2f3e487-23cd-46d9-98c5-6a5a8ce0b568 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-iwx1h43h.0xj.ps1 Engine Version = 4.0 Runspace ID = 578d1071-8792-4ed2-8888-b56e805743cb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. T+;**hK^+_ E'b&  8P!+_Dh K^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &);h**hL^n+_ E'b&  8P!n+_Dh L^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ܦ;h**xM^}+_ E'b&  8P!!j}+_DK M^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 54155736-0731-4bfa-a25b-0b3fabd02175 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 37b56392-be1a-46f1-862d-cf222175fcf7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d x**hN^M+_ E'b&  8P!M+_DK(N^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hO^"ݲ+_ E'b&  8P!"ݲ+_DK(O^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &orAh**hP^l-_ E'b&  8P!l-_D PP^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acAh**hQ^v-_ E'b&  8P!v-_D PQ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**hR^-_ E'b&  8P!-_DKR^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ed h**hS^؛-_ E'b&  8P!؛-_DKS^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &bleh**xT^ο-_ E'b&  8P!!jο-_D$ T^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 218d1032-3c27-4cba-90e3-588921f4a5c7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cf4531c9-7572-449d-b3eb-d386145a7a12 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hU^8_ E'b&  8P!8_D U^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hV^z8_ E'b&  8P!z8_D V^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hW^:Go_ E'b&  8P!:Go_ZA_A_ W^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hX^Qp_ E'b&  8P!Qp_ZA_A_ X^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hY^kCK~_ E'b&  8P!kCK~_ZA_—A_Y^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hZ^4/W~_ E'b&  8P!4/W~_ZA_—A_Z^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**x[^2(~_ E'b&  8P!!j2(~_ZA_HA_[^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 78988b00-cffa-4009-b6d3-7a049681aeca Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c1eb55e4-0ac8-441d-acb1-f752d71d6bb3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h\^,_ E'b&  8P!,_ZA_A_pt\^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h]^Aw8_ E'b&  8P!Aw8_ZA_A_pt]^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h^^Vʺ_ E'b&  8P!Vʺ_ZA_A_^^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h_^Ɓ_ E'b&  8P!Ɓ_ZA_A__^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h`^C߁_ E'b&  8P!C߁_ZA_A_ $ `^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**ha^|_ E'b&  8P!|_ZA_A_ $ a^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**xb^,J_ E'b&  8P!!j,J_ZA_יA_ b^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 02dd6979-e4cb-43f9-b4e4-b5acab7f6f9e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = aac64f81-1d3a-4038-a20b-898f6e4938ce Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. twx**hc^JV_ E'b&  8P!JV_ZA_A_c^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**hd^5b_ E'b&  8P!5b_ZA_A_d^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**e^Hu_ E'b&  8P]!jHu_ZA_A_e^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 375a49ef-2b33-45a1-ac72-a3f4ad17bd9e Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-rw2ft03g.bq3.ps1 Engine Version = 4.0 Runspace ID = d92c7c73-ddb1-4cf3-8bf5-9309d258ae18 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rorA**hf^_ E'b&  8P!_ZA_A_(Lf^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acAh**hg^j|_ E'b&  8P!j|_ZA_A_(Lg^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**xh^x_ E'b&  8P!!jx_ZA_A_(|h^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8cdeb766-c06c-420d-b546-031eeb818689 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b049099c-e0f3-43cd-a602-ac20cf282c57 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hi^o_ E'b&  8P!o_ZA_ A_`i^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &92ah**hj^Z_ E'b&  8P!Z_ZA_ A_`j^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hk^yHٌ_ E'b&  8P!yHٌ_ZA_A_L k^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hl^/4_ E'b&  8P!/4_ZA_A_L l^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &orAh**hm^_ E'b&  8P!_ZA_EA_ m^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acAh**hn^__ E'b&  8P!__ZA_EA_ n^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**xo^_c_ E'b&  8P!!j_c_ZA_A_ @o^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6a308386-4a66-42cc-aaa8-b6c37e4320a2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 62b645ca-4a6a-4e93-b4ba-123c0bdc5226 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. d x**hp^<R_ E'b&  8P!<R_ZA_ŚA_ p^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hq^^_ E'b&  8P!^_ZA_ŚA_ q^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &orAh**hr^_ E'b&  8P!_ZA_A_r^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acAh**hs^r_ E'b&  8P!r_ZA_A_s^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**ht^f7_ E'b&  8P!f7_ZA_КA_ t^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ed h**hu^RC_ E'b&  8P!RC_ZA_КA_ u^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &bleh**xv^a_ E'b&  8P!!ja_ZA_A_v^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 28c86fbe-783d-4a0a-bbb5-f3768f2b37d9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 20c846c1-208c-47b2-8645-f0e38ccff290 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hw^+6Ȥ_ E'b&  8P!+6Ȥ_ZA_֚A_ w^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hx^rԤ_ E'b&  8P!rԤ_ZA_֚A_ x^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hy^D>_ E'b&  8P!D>_ZA_ٛA_y^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hz^yJ_ E'b&  8P!yJ_ZA_ٛA_z^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h{^gg_ E'b&  8P!gg_ZA_A_l {^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h|^Xs_ E'b&  8P!Xs_ZA_A_l |^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**x}^uլ_ E'b&  8P!!juլ_ZA_}A_l P}^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = af08dafa-1ab9-40fe-8de4-dd7b887c946c Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = bf490f5c-a2d4-4000-a688-43cb861272e8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h~^&_ E'b&  8P!&_ZA_~A_ 0~^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h^W_ E'b&  8P!W_ZA_~A_ 0^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h^8y?_ E'b&  8P!8y?_ZA_A_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h^dK_ E'b&  8P!dK_ZA_A_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**x^_ E'b&  8P!!j_ZA_:A_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 13a5ba54-86b9-4f59-8883-4dee8309389f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ac067647-bf5b-417b-af19-6af6e984fbbe Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. cax**h^2ɭ_ E'b&  8P!2ɭ_ZA_>A_`^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &worh**h^ԭ_ E'b&  8P!ԭ_ZA_>A_`^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**h^ta_ E'b&  8P!ta_ZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**h^''_ E'b&  8P!''_ZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**h^ A_ E'b&  8P! A_ZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**h^,O_ E'b&  8P!,O_ZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**h^__ E'b&  8P!__ZA_A_X^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Whdows-PowerSh E'b&  8PE'b&  8Prational &ElfChnk^^^^`L-(T=f?mMF!&**X^k_ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!k_ZA_A_X^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h^>E` E'b&  8P!>E`ZA_pA_h ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h^F` E'b&  8P!F`ZA_pA_h ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h^@_` E'b&  8P!@_`ZA_A_ t^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**h^`L_` E'b&  8P!`L_`ZA_A_ t^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**h^g_` E'b&  8P!g_`ZA_ A_  ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**h^Vs_` E'b&  8P!Vs_`ZA_ A_  ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ignh**@^u"_` E'b&  8P!ju"_`ZA_1A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !p;)(A?ToData= ContextInfo A'T=UserData A%T=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 516ac132-d42b-4866-ad86-162d1d95f4d5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4d593cd9-b5e5-4aa1-93af-91409450e724 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h^,_` E'b&  8P!,_`ZA_3A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Selh**h^ծ`` E'b&  8P!ծ``ZA_3A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h^s,i`` E'b&  8P!s,i``ZA_A_, 8 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d Gh**h^r`` E'b&  8P!r``ZA_A_, 8 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-anh**h^` E'b&  8P!`ZA_A_<x^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &y -h**h^T%` E'b&  8P!T%`ZA_A_<x^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h^` E'b&  8P!`ZA_JA_l^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h^` E'b&  8P!`ZA_JA_l^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^Ha E'b&  8P!HaZA_A_` ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^a E'b&  8P!aZA_A_` ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^߉8a E'b&  8P!߉8aZA_A_`^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^uDa E'b&  8P!uDaZA_A_`^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x^ia E'b&  8P!!jiaZA_A_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cde1c523-fbba-46a3-b292-b2ed7527c681 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4fa75d08-257a-49c7-ae57-21171e7d4a01 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h^^a E'b&  8P!^aZA_A_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h^Ja E'b&  8P!JaZA_A_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^0a E'b&  8P!0aZA_A_8 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^W<a E'b&  8P!W<aZA_A_8 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^9a E'b&  8P!9aZA_A_T^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^hèa E'b&  8P!hèaZA_A_T^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^a E'b&  8P!aZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^Za E'b&  8P!ZaZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^.&a E'b&  8P!.&aZA_A_L^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h^a E'b&  8P!aZA_A_L^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**h^߱a E'b&  8P!߱aZA_A_ @ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h^a E'b&  8P!aZA_A_ @ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**x^Ya E'b&  8P!!jYaZA_A_ (^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d921ddd5-4682-4070-a2fa-97dfdc6df231 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e42b96aa-b30d-4db1-b55c-470aa5c86862 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h^?a E'b&  8P!?aZA_A_X^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^G+a E'b&  8P!G+aZA_A_X^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h^4a E'b&  8P!4aZA_A_TH^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h^>a E'b&  8P!>aZA_A_TH^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**h^ȸa E'b&  8P!ȸaZA_A_h^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h^Zeָa E'b&  8P!ZeָaZA_A_h^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**x^9a E'b&  8P!!j9aZA_A_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e8627459-f75e-4fd0-a1c0-03e6301295a8 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b3f694d3-3b1a-4d08-91f0-77ed1795d3ed Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. owx**h^Za E'b&  8P!ZaZA_šA_H L ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &5-9h**h^fa E'b&  8P!faZA_šA_H L ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &er h**h^ma E'b&  8P!maZA_ȡA_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(h**h^:a E'b&  8P!:aZA_ȡA_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(h**x^Ua E'b&  8P!!jUaZA_cA_ l^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7e3692c6-17de-4eb0-ab79-874bb49e3ebb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4c1cfb59-095f-4e08-aef1-cfeeaea29514 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. sex**h^ra E'b&  8P!raZA_eA_ \ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &`h**h^Wa E'b&  8P!WaZA_eA_ \ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &`h**h^\ea E'b&  8P!\eaZA_*A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &L h**h^Ora E'b&  8P!OraZA_*A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &L h**h^){a E'b&  8P!){aZA_+A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h^a E'b&  8P!aZA_ A_T ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h^Ha E'b&  8P!HaZA_+A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h^ra E'b&  8P!raZA_ A_T ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h^*4l^b E'b&  8P!*4l^bZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ctih**h^Zv^b E'b&  8P!Zv^bZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Roh**h^ॢkb E'b&  8P!ॢkbZA_A_\ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h^kb E'b&  8P!kbZA_A_\ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &essh**h^kb E'b&  8P!kbZA_A_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h^lkb E'b&  8P!lkbZA_A_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**x^=lb E'b&  8P!!j=lbZA_ʣA_$ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2e2909d7-d10b-41ba-b3c6-db892d228356 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 795cc9b1-011c-44f3-8248-6eb2553d2a90 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**h^gXlb E'b&  8P!gXlbZA_3A_4 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ctih**h^Sclb E'b&  8P!SclbZA_3A_4 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Roh**h^.lb E'b&  8P!.lbZA_A_, d ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h^rlb E'b&  8P!rlbZA_A_, d ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &essh**h^<c E'b&  8P!<cZA_`A_( < ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h^Hc E'b&  8P!HcZA_`A_( < ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**h^qc E'b&  8P!qcZA_էA_8^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**h^`~c E'b&  8P!`~cZA_էA_8^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h^(Gc E'b&  8P!(GcZA_ݧA_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ommh**h^2c E'b&  8P!2cZA_ݧA_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t.Ph**x^ c E'b&  8P!!j cZA_A_^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a5f3fa82-6aec-40f0-af2f-fa1189daee6b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 38a09fec-fee7-4517-9a4f-a37b7264720d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ssx**h^%c E'b&  8P!%cZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h^3c E'b&  8P!3cZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**h^i c E'b&  8P!i cZA_A_p ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**h^c E'b&  8P!cZA_A_p ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**h^hac E'b&  8P!hacZA_שA_4 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ommh**h^*Mc E'b&  8P!*McZA_שA_4 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t.Ph**h^L c E'b&  8P!L cZA_ܩA_8 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h^6c E'b&  8P!6cZA_ܩA_8 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h^VBc E'b&  8P!VBcZA_ҥA_t ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h^.c E'b&  8P!.cZA_ҥA_t ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h^u2c E'b&  8P!u2cZA_ӥA_X ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h^v>c E'b&  8P!v>cZA_ӥA_X ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &883h**x^Jc E'b&  8P!!jJcZA_ A_X^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational !@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 19a16e44-518a-4dfe-afde-333b604d461b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6752f98f-5a14-4812-b61a-e8989ed93d72 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. icx**h^-c E'b&  8P!-cZA_ϪA_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h^c E'b&  8P!cZA_ϪA_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h^SBc E'b&  8P!SBcZA_A_h^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h^@Nc E'b&  8P!@NcZA_A_h^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h^sic E'b&  8P!sicZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Michsoft-Windows E'b&  8PwerSh E'b&  8PE'b&  8Prational &ElfChnk^4_^4_ #7 mܰ( =f?mMF &**X^Auc E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!AucZA_A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**@^c E'b&  8P!jcZA_«A_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A? oData= ContextInfo A' =UserData A% =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 71a08343-28f7-4981-9757-d0a23fa4fd5d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 65003454-9dc6-4b0d-b989-8fcbc53bfa90 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h^]c E'b&  8P!]cZA_A_<@ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & (-h**h^Rc E'b&  8P!RcZA_A_<@ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**h^bc E'b&  8P!bcZA_&A_| 4 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ct h**h^B nc E'b&  8P!B ncZA_&A_| 4 ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$mah**h^rc E'b&  8P!rcZA_lA_ ,^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sh**h^.c E'b&  8P!.cZA_lA_ ,^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**h^R=c E'b&  8P!R=cZA_mA_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Selh**h^ Lc E'b&  8P! LcZA_mA_ ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**x^cc E'b&  8P!!jccZA_A_T ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7579be9a-97d6-453b-a1e1-5ab6ded2470e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 0d44b50a-c603-4789-b35d-3740ad17c413 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 3-x**h^Ac E'b&  8P!AcZA_A_< x^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f (h**h^c E'b&  8P!cZA_A_< x^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d (h**h^Юc E'b&  8P!ЮcZA_A_L^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**h^c E'b&  8P!cZA_A_L^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**x^Zgc E'b&  8P!!jZgcZA_ A_h ^Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 755ebe9f-d363-46e3-98e0-4de43e8d8bee Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 63c24db8-150c-4777-a213-ab18986cb1ac Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. f E'b&  8P9!>fZA_A_< 6_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **h7_wf E'b&  8P!wfZA_A_< 7_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h8_af E'b&  8P!afZA_A_88_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h9_4mf E'b&  8P!4mfZA_A_89_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h:_ebBg E'b&  8P!ebBgZA_-A_hL :_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h;_b&,Bg E'b&  8P!b&,BgZA_-A_hL ;_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h<_Mg E'b&  8P!MgZA_-A_ D <_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h=_;Mg E'b&  8P!;MgZA_-A_ D =_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aSelh**h>_s1Mg E'b&  8P!s1MgZA_A_ p >_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h?_?Mg E'b&  8P!?MgZA_A_ p ?_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x@_Mg E'b&  8P!!jMgZA_A_ @_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dd50ff82-4e20-409f-af1d-d9f600ab2613 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 44b13b8c-e7db-4520-850c-43f781707b3d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hA_ Mg E'b&  8P! MgZA_λA_< A_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad (h**hB_Mg E'b&  8P!MgZA_λA_< B_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hC_4Ng E'b&  8P!4NgZA_kA_hC_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hD_B?Ng E'b&  8P!B?NgZA_kA_hD_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hE_9"g E'b&  8P!9"gZA_ټA_E_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hF_6c.g E'b&  8P!6c.gZA_ټA_F_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hG_g E'b&  8P!gZA_ڼA_x G_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hH_ag E'b&  8P!agZA_ڼA_x H_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hI_g E'b&  8P!gZA_A_` I_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hJ_qog E'b&  8P!qogZA_A_` J_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**hK_mg E'b&  8P!mgZA_!A_@K_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**hL_yg E'b&  8P!ygZA_!A_@L_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**hM_ mg E'b&  8P! mgZA_ A_8 M_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**hN_Xg E'b&  8P!XgZA_ A_8 N_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**xO_'g E'b&  8P!!j'gZA_ƽA_O_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fb863915-fb2c-4be7-b4d7-f7a9e7bbf918 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b264a436-2993-405b-be4c-3590c3b465bd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**hP_]cNg E'b&  8P!]cNgZA_bA_ xP_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hQ_Wg E'b&  8P!WgZA_bA_ xQ_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hR_g E'b&  8P!gZA_|A_ lR_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hS_g E'b&  8P!gZA_}A_p X S_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hT_ng E'b&  8P!ngZA_|A_ lT_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hU_sg E'b&  8P!sgZA_}A_p X U_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hV_\ g E'b&  8P!\ gZA_A_V_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hW_U* g E'b&  8P!U* gZA_A_W_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**xX_-pg E'b&  8P!!j-pgZA_A_ X_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9ef24b82-6c3f-4eae-8131-88b9ffe8692e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 06dffc7e-e0d3-4836-a123-83c84d71f7fd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**hY_œg E'b&  8P!œgZA_A_P Y_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hZ_zOg E'b&  8P!zOgZA_A_P Z_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h[_ Ng E'b&  8P! NgZA_A_ 4[_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h\_9g E'b&  8P!9gZA_A_ 4\_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**x]_4%g E'b&  8P!!j4%gZA_xA_ L ]_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 27b50bf7-6985-4824-b61b-cb278e88c6aa Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1c7c769b-345b-497b-94db-44bfd7db70b8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**h^_?g E'b&  8P!?gZA_]A_` ^_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a $h**h__>oKg E'b&  8P!>oKgZA_]A_` __Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h`_H`g E'b&  8P!H`gZA_"A_ `_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**ha_tg E'b&  8P!tgZA_"A_ a_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hb_g E'b&  8P!gZA_A_ L b_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aseh**hc_׶g E'b&  8P!׶gZA_&A_@ c_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a`h**hd_2g E'b&  8P!2gZA_A_ L d_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a`h**he_g E'b&  8P!gZA_&A_@ e_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aL h**hf_yh E'b&  8P!yhZA_ܰA_ f_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aL h**hg_Y=ɧh E'b&  8P!Y=ɧhZA_ܰA_ g_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hh_ հh E'b&  8P! հhZA_,A_h_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hi_"߰h E'b&  8P!"߰hZA_,A_i_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hj_ch E'b&  8P!chZA_4A_ j_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hk_WOh E'b&  8P!WOhZA_4A_ k_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xl_gmh E'b&  8P!!jgmhZA_A_ $ l_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 15f1b6a9-332c-42db-8d3b-f6ec5e9209af Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = adfcaa64-b6d2-4d98-8c1d-a6a5be61c036 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**hm_<h E'b&  8P!<hZA_A_| m_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hn_8h E'b&  8P!8hZA_A_| n_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**ho_7h E'b&  8P!7hZA_ A_h o_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hp_#h E'b&  8P!#hZA_ A_h p_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hq_}Zi E'b&  8P!}ZiZA_A_ D q_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**hr_N Zi E'b&  8P!N ZiZA_A_ D r_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hs_dؤci E'b&  8P!dؤciZA_A_(s_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**ht_ ci E'b&  8P! ciZA_A_(t_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hu_#ci E'b&  8P!#ciZA_A_pu_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hv_tci E'b&  8P!tciZA_A_pv_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**xw_BBdi E'b&  8P!!jBBdiZA_:A_,w_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3d52a7f1-3f51-402c-99dc-b3a331f7bc6d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d55955d8-278d-4824-9776-1753578b1dc0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hx_ [di E'b&  8P! [diZA_>A_0` x_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hy_xgdi E'b&  8P!xgdiZA_>A_0` y_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hz_di E'b&  8P!diZA_A_  z_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h{_di E'b&  8P!diZA_A_  {_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h|_^ j E'b&  8P!^ jZA_A_|_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h}_j j E'b&  8P!j jZA_A_}_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h~_a j E'b&  8P!a jZA_A_ ~_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h_l j E'b&  8P!l jZA_A_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h_{j E'b&  8P!{jZA_SA_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h_Ϗj E'b&  8P!ϏjZA_SA_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**h_<j E'b&  8P!<jZA_2A_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h_ j E'b&  8P! jZA_2A_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**x_h=j E'b&  8P!!jh=jZA_A_  _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a51ff38b-a6ae-41b5-b023-9f652e350706 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 147d3a6a-2710-4b5d-b01d-1bd9a5291f0e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -nx**h_bj E'b&  8P!bjZA_A_, _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h_nj E'b&  8P!njZA_A_, _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h_Bj E'b&  8P!BjZA_iA_p_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h_oPj E'b&  8P!oPjZA_iA_p_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**_cj E'b&  8P]!jcjZA_ƴA_L_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = c7b622b4-40bd-480a-bbb7-d21efd7e2815 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-d3lt3jvf.pqs.ps1 Engine Version = 4.0 Runspace ID = 9afef59f-f092-4216-81a2-c9c7f5f21f3b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ft-W**h_&nj E'b&  8P!&njZA_}A_t | _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h_;{j E'b&  8P!;{jZA_}A_t | _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hPrational &ElfChnk____(*K^(P=f?mMF&a**_KRj E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!jKRjZA_A_t _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4df807df-fc52-41cd-8910-cb532bf24b9d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 519f26f3-5cf8-4a4b-b0ae-0bd719303b1c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. man**_)j E'b&  8P9!)jZA_A_8_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **h_|j E'b&  8P!|jZA_A_8_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h_ݖMj E'b&  8P!ݖMjZA_zBl E'b&  8P!>zBlZA_A_l p_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h_Bl E'b&  8P!BlZA_A_l p_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**x_7jBl E'b&  8P!!j7jBlZA_A_l T _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 49cfa517-da17-4477-ad45-0a2048a58e71 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 4b580a80-d28f-4653-8237-f45847a6e8dd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. n E'b&  8P!B>nZA_-A_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**h_N>n E'b&  8P!N>nZA_-A_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h_xOn E'b&  8P!xOnZA_A_h _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h_On E'b&  8P!OnZA_A_h _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h_θ\Zn E'b&  8P!θ\ZnZA_A_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h_xhZn E'b&  8P!xhZnZA_A_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h_Zn E'b&  8P!ZnZA_A_|_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Coh**h_wZn E'b&  8P!wZnZA_A_|_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aicyh**x`_6[n E'b&  8P!!j_6[nZA_A_| `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4c9bbbb4-5662-4f85-8866-a4c66cfcb1b6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6c6af4a2-856a-4a50-ba3f-89c3c89ea55b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. 8x**h`=[n E'b&  8P!=[nZA_A_,`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h`H[n E'b&  8P!H[nZA_A_,`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h`^n E'b&  8P!^nZA_A_`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h` ^n E'b&  8P! ^nZA_A_`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h`^n E'b&  8P!^nZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h`^n E'b&  8P!^nZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**x`bv]_n E'b&  8P!!jbv]_nZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5deefd72-803e-47c0-a379-681e43f6f84a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d7933eee-7d22-44a1-9647-7842fd1f9dba Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**h`u_n E'b&  8P!u_nZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h `_n E'b&  8P!_nZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h `_n E'b&  8P!_nZA_0A_4 `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h `_n E'b&  8P!_nZA_0A_4 `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h ` `n E'b&  8P! `nZA_4A_t `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h `u`n E'b&  8P!u`nZA_4A_t `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h``n E'b&  8P!`nZA_5A_d `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**h`3l`n E'b&  8P!3l`nZA_5A_d `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**x`7X\an E'b&  8P!!j7X\anZA_A_d | `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 92796a4b-240a-40ed-b9f9-61c8a32ddadb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b5aaf979-e9ef-4a6a-9151-b2291b3cb90e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**h`o|an E'b&  8P!o|anZA_A_D`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h`@ֈan E'b&  8P!@ֈanZA_A_D`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h`IBan E'b&  8P!IBanZA_A_T `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h`2an E'b&  8P!2anZA_A_T `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x`nbn E'b&  8P!!jnbnZA_hA_t`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 32386dcc-3099-4dc2-a8ab-9ee8f8cf44a9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9c1ca0b7-4511-4d61-899e-f44aa81e48b4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h`zn)bn E'b&  8P!zn)bnZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h`SZ5bn E'b&  8P!SZ5bnZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h`Ubn E'b&  8P!UbnZA_.A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h`ђbn E'b&  8P!ђbnZA_.A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h`kbn E'b&  8P!kbnZA_1A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h`k3bn E'b&  8P!k3bnZA_A_8<`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h`cbn E'b&  8P!cbnZA_1A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h`\bn E'b&  8P!\bnZA_A_8<`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h`n E'b&  8P!nZA_rA_ 8 `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h`}n E'b&  8P!}nZA_rA_ 8 `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h `>o E'b&  8P!>oZA_A_$  `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h!`o E'b&  8P!oZA_A_$  !`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h"`o E'b&  8P!oZA_A_"`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h#`0o E'b&  8P!0oZA_A_#`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**x$`| [o E'b&  8P!!j| [oZA_A_L$`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fe1bc51c-20cc-4e30-ab3c-e2a855b42e35 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = cccb7aa4-4476-4205-b43e-a49bbfbb3dc4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**h%`:Huo E'b&  8P!:HuoZA_A_h,%`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h&`ĵo E'b&  8P!ĵoZA_A_h,&`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h'`$o E'b&  8P!$oZA_A_4p'`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h(`o E'b&  8P!oZA_A_4p(`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h)`=o E'b&  8P!=oZA_A_X)`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aCAdh**h*`eo E'b&  8P!eoZA_A_X*`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h+`_o E'b&  8P!_oZA_A_L +`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**h,`Ko E'b&  8P!KoZA_A_L ,`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h-`Θo E'b&  8P!ΘoZA_ A_p -`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h.`yo E'b&  8P!yoZA_ A_p .`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hP! E'b&  8Ps-j$oZA_A_/`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P!-GlZA_A_4_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h Script E'b&  8PSejT,}GlZA_4A_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @r. ft-W**h_&nj E'b&  8P!&njZA_}A_t | _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h_;{j E'b&  8P!;{jZA_}A_t | _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hPrational &ElfChnk/`~`/`~`PY^(P=f?mMF&a**/`$o E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j$oZA_A_/`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 00dcdf25-f686-4394-8909-806b7f90f10f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 1ad8740d-dac6-4ca2-81c4-86c2812e264c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. man**0`;?o E'b&  8P9!;?oZA_A_` 0`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **h1`R'Ko E'b&  8P!R'KoZA_A_` 1`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h2`Bo E'b&  8P!BoZA_A_2`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h3`o E'b&  8P!oZA_A_3`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h4`I|Vp E'b&  8P!I|VpZA_VA_4`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h5`:Vp E'b&  8P!:VpZA_VA_5`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h6`>gp E'b&  8P!>gpZA_A_P 6`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h7`o* hp E'b&  8P!o* hpZA_A_P 7`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h8`+?rp E'b&  8P!+?rpZA_`A_, 8`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h9`{rp E'b&  8P!{rpZA_`A_, 9`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h:`hrp E'b&  8P!hrpZA_A_4 :`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h;`sp E'b&  8P!spZA_A_4 ;`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x<`npsp E'b&  8P!!jnpspZA_A_4 8<`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e2d4e832-b591-4711-9f9a-4950f1b951a4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f5bdc1a5-5cce-4e75-9016-a69cf8000272 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h=`qsp E'b&  8P!qspZA_A_=`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h>`]sp E'b&  8P!]spZA_A_>`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**h?`*up E'b&  8P!*upZA_A_ ?`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h@`up E'b&  8P!upZA_A_ @`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**hA`up E'b&  8P!upZA_A_H A`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hB`&up E'b&  8P!&upZA_A_H B`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xC`dvp E'b&  8P!!jdvpZA_A_H C`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3b444820-fd58-4b24-8fdd-a5f9bda6afc5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c12c34f2-70d2-45ba-b377-ec89dde22702 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hD`=vp E'b&  8P!=vpZA_A_h  D`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hE`gIvp E'b&  8P!gIvpZA_A_h  E`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hF`fvp E'b&  8P!fvpZA_A_4 ,F`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hG` rvp E'b&  8P! rvpZA_A_4 ,G`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**xH`nvp E'b&  8P!!jnvpZA_A_4  H`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 62e2d64b-78ff-475e-8f21-9f75cefeaf32 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a9edaa24-7585-49a6-bdaf-a03c229ca2e3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Y;r E'b&  8P!>Y;rZA_A_n`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**xo`ңr E'b&  8P!!jңrZA__A_ o`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 733c9fba-4e43-4a1d-b0a4-7f770f72b3bb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c463ecdd-ff05-4d97-bde7-13d3ec32ad93 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hp`ʌr E'b&  8P!ʌrZA_A_p`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hq`Ռr E'b&  8P!ՌrZA_A_q`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hr`S$r E'b&  8P!S$rZA_$A_ r`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**hs`ue/r E'b&  8P!ue/rZA_$A_ s`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**ht`#Lr E'b&  8P!#LrZA_0A_< t`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**hu` Wr E'b&  8P! WrZA_0A_< u`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**xv`r E'b&  8P!!jrZA_nA_< v`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3bbfa26d-62e5-49be-b111-945735a4cdb3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d575ba3f-320a-4930-8f17-faaafadbf262 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hw`DUЎr E'b&  8P!DUЎrZA_oA_@ w`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hx` A܎r E'b&  8P! A܎rZA_oA_@ x`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hy`5 ?r E'b&  8P!5 ?rZA_pA_ Dy`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hz`Jr E'b&  8P!JrZA_pA_ Dz`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &anth**h{`+ޏr E'b&  8P!+ޏrZA_qA_ \{`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h|`ar E'b&  8P!arZA_qA_ \|`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h}`=r E'b&  8P!=rZA_A_<}`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h~`r E'b&  8P!rZA_A_<~`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**h)`=o E'b&  8P!j-xxrZA_A_<X `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @*h*`eo E'b&  8P!eoZA_A_X*`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ace h**h+`_o E'b&  8P!_oZA_A_L +`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aqueh**h,`Ko E'b&  8P!KoZA_A_L ,`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h-`Θo E'b&  8P!ΘoZA_ A_p -`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8h**h.`yo E'b&  8P!yoZA_ A_p .`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hP! E'b&  8Ps-j$oZA_A_/`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @P!-GlZA_A_4_Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h Script E'b&  8PSejT,}GlZA_4A_ _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @r. ft-W**h_&nj E'b&  8P!&njZA_}A_t | _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h_;{j E'b&  8P!;{jZA_}A_t | _Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a8hPrational &ElfChnk````(]\ \(P=f?mMF&a**`-xxr E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j-xxrZA_A_<X `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9720f26f-c487-4be1-b7f5-8093e7465c6e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 019a7404-b5c8-4955-aeb4-bfa2c08683fb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. man**`'yr E'b&  8P9!'yrZA_A_ < `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c( **h`dr E'b&  8P!drZA_A_ < `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (-h**h`r E'b&  8P!rZA_RA_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**h`oΐr E'b&  8P!oΐrZA_RA_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**x`j/r E'b&  8P!!jj/rZA_IA_ X `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 30b12efc-8e64-471b-a72e-3cf3b96340ad Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e5ac8aa0-0337-449c-879d-0eedb95eeecf Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h`Ir E'b&  8P!IrZA_JA_, `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h`Ur E'b&  8P!UrZA_JA_, `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h`ꮑr E'b&  8P!ꮑrZA_JA_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h`źr E'b&  8P!źrZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h`:r E'b&  8P!:rZA_JA_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h`őr E'b&  8P!őrZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h`+r E'b&  8P!+rZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h`T:r E'b&  8P!T:rZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aach**h`9!s E'b&  8P!9!sZA__A_ l`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**h`e"s E'b&  8P!e"sZA__A_ l`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**h` Bs E'b&  8P! BsZA_A_D`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h`Bs E'b&  8P!BsZA_A_D`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**h`T Cs E'b&  8P!T CsZA_A_ 4`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h`Cs E'b&  8P!CsZA_A_ 4`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**x`Cs E'b&  8P!!jCsZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f0655c61-1c48-47c5-87aa-913c36f6d76d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fc9c183a-a35a-4b1d-a764-2a404da07631 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h`;Cs E'b&  8P!;CsZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h`Cs E'b&  8P!CsZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h` 'Ds E'b&  8P! 'DsZA_;A_  `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**h`>2Ds E'b&  8P!>2DsZA_;A_  `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**h`-TDs E'b&  8P!-TDsZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h`Ds E'b&  8P!DsZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h` /Es E'b&  8P! /EsZA_uA_X t`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h`:Es E'b&  8P!:EsZA_uA_X t`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth** `FEs E'b&  8P !jFEsZA_A_X `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational "p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 06d592e4-fa8b-4fea-bc99-5da43105341e Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" $modules = Get-InstalledModule -ErrorAction SilentlyContinue if ($modules) { foreach ($mod in $modules) { [PSCustomObject]@{ Name = $mod.Name Version = $mod.Version.ToString() Repository = $mod.Repository Author = $mod.Author } | ConvertTo-Json -Compress Write-Output "---SEPARATOR---" } } } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = a74c3e0e-24f5-4314-880c-b87b3f98c410 Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-InstalledModule' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException oso **h`ȊZEs E'b&  8P!ȊZEsZA_yA_ 4`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`vfEs E'b&  8P!vfEsZA_yA_ 4`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`|s E'b&  8P!|sZA_A_L l `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`|s E'b&  8P!|sZA_A_L l `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`ps E'b&  8P!psZA_A_$ t`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`.s E'b&  8P!.sZA_A_$ t`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h` s E'b&  8P! sZA_A_d `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`Os E'b&  8P!OsZA_A_d `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**x`vNs E'b&  8P!!jvNsZA_|A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a9dd588b-3b1f-4ca6-82c6-d62583f1492f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 880db7c8-639a-4757-890e-3706f89db07f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. =x**h`ghs E'b&  8P!ghsZA_jA_@ @`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`3ws E'b&  8P!3wsZA_jA_@ @`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ($h**h`s E'b&  8P!sZA_A_  `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`s E'b&  8P!sZA_A_  `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTEMh**h`t E'b&  8P!tZA_A_t`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`״t E'b&  8P!״tZA_A_t`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`D_t E'b&  8P!D_tZA_A_(`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`Ekt E'b&  8P!EktZA_A_(`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`Qt E'b&  8P!QtZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`3p_t E'b&  8P!3p_tZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`,t E'b&  8P!,tZA_A_< `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`Jt E'b&  8P!JtZA_A_< `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**x`Q t E'b&  8P!!jQ tZA_A_x`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = cebc6849-a809-49dd-b026-e59188283237 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c1ce747a-38bc-4826-8c2a-0c7318597be1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ($x**h`3t E'b&  8P!3tZA_A_l `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h` 9?t E'b&  8P! 9?tZA_A_l `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTEMh**h`Xt E'b&  8P!XtZA_A_$ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`"yt E'b&  8P!"ytZA_A_$ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`t E'b&  8P!tZA_A_L `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`+-t E'b&  8P!+-tZA_A_L `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**x`t E'b&  8P!!jtZA_A_L8 `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1991daaf-3021-4bc6-bf21-b99a2fe6dfc5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b2c74779-5d84-4fab-b6d1-aa537d253c75 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rex**h` .t E'b&  8P! .tZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`\:t E'b&  8P!\:tZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aMach**h`澣t E'b&  8P!澣tZA_A_ H `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad th**h`t E'b&  8P!tZA_A_ H `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ag =h**h`3t E'b&  8P!3tZA_\A_` ``Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`W "t E'b&  8P!W "tZA_\A_` ``Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ($h**h`@t E'b&  8P!@tZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`Mt E'b&  8P!MtZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTEMh**x`גt E'b&  8P!!jגtZA_QA_, `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b8e8590f-cc2a-4697-a5bc-57245a2c828a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 49b129c2-93d4-4085-9023-cbf1f451627a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**h`׫t E'b&  8P!׫tZA_UA_ (`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ad th**h`t E'b&  8P!tZA_UA_ (`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ag =h**h` 8t E'b&  8P! 8tZA_A_`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`қ t E'b&  8P!қ tZA_A_`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ($h**x`HOkt E'b&  8P!!jHOktZA_A_`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2312ba9c-bd0c-4c6b-852f-538808a30e0e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b73e64bd-8f95-4996-a771-f3ba44396036 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h`"t E'b&  8P!"tZA_A_ h`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`:ސt E'b&  8P!:ސtZA_A_ h`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`pt E'b&  8P!ptZA_A_4@ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`mt E'b&  8P!mtZA_A_4@ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`:t E'b&  8P!:tZA_A_ ,`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h`&7t E'b&  8P!&7tZA_A_ ,`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`/@t E'b&  8P!/@tZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aosoh**h`&t E'b&  8P!&tZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h`x_e:u E'b&  8P!x_e:uZA_A_|`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahMicrosoft E'b&  8Ps-PowerShell/Operational &a8hPrational &ElfChnk`'a`'a(jI;(=f?mMFQ&**X` p:u E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU! p:uZA_A_|`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**h`y^u E'b&  8P!y^uZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**h`i%^u E'b&  8P!i%^uZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**h`A^u E'b&  8P!A^uZA_A_ ,`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**h`bK^u E'b&  8P!bK^uZA_A_ ,`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**@`D^u E'b&  8P!jD^uZA_'A_ 0 `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Qp;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 74a6555e-4610-431f-a4fb-fa1cef05951d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f1d783a7-4663-47b7-97a5-cc1ae46282bb Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. @**h`^u E'b&  8P!^uZA_A_|4`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h`^u E'b&  8P!^uZA_A_|4`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h`A_u E'b&  8P!A_uZA_rw E'b&  8P!Ͼ>rwZA_A_$ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hay!Krw E'b&  8P!y!KrwZA_A_$ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &essh**haerw E'b&  8P!erwZA_A_P  aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**haqrw E'b&  8P!qrwZA_A_P  aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**x arw E'b&  8P!!jrwZA_A_P aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 42cc1345-1d5f-4a57-98fd-79d16ad97a4b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ea0cf8b2-9102-4bf3-822d-0b8e95cd20e1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**h aZrw E'b&  8P!ZrwZA_A_ x aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ctih**h aEsw E'b&  8P!EswZA_A_ x aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Roh**h aIgsw E'b&  8P!IgswZA_6A_ 0 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**h arsw E'b&  8P!rswZA_6A_ 0 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &essh**hax E'b&  8P!xZA_A_ `aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**haix E'b&  8P!ixZA_A_ `aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**ha %x E'b&  8P! %xZA_A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**ha%x E'b&  8P!%xZA_A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**haW6%x E'b&  8P!W6%xZA_A_44aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ommh**haA%x E'b&  8P!A%xZA_A_44aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t.Ph**xa᫨%x E'b&  8P!!j᫨%xZA_A_4aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e84b6fa4-6f41-49e2-813b-adf8687f5385 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 678ee959-23c3-446f-a2f2-239221848be4 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Rox**ha%x E'b&  8P!%xZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**haQ$%x E'b&  8P!Q$%xZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &essh**ha4&x E'b&  8P!4&xZA_A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**ha@&x E'b&  8P!@&xZA_A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &in3h**hazvx E'b&  8P!zvxZA_A_p aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**haIzx E'b&  8P!IzxZA_A_p aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & } h**hamx E'b&  8P!mxZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ommh**hax E'b&  8P!xZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t.Ph**haV`Zx E'b&  8P!V`ZxZA_A_DtaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**haKfx E'b&  8P!KfxZA_A_DtaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**harx E'b&  8P!rxZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h ax E'b&  8P!xZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**x!ax E'b&  8P!!jxZA_lA_!aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7c950dca-3703-4b04-b82c-afb81164152d Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 71194c20-6671-4e82-8a04-6f610329f738 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. .Px**h"a$7x E'b&  8P!$7xZA_mA_ d"aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h#aC`Bx E'b&  8P!C`BxZA_mA_ d#aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h$a"x E'b&  8P!"xZA_A_ $aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h%aLx E'b&  8P!LxZA_A_ %aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h&anx E'b&  8P!nxZA_+A_d T &aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**h'aCx E'b&  8P!CxZA_+A_d T 'aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Michsoft-Windows E'b&  8P/@j>rxZA_A_d t(aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational Q@soft-Windows-PowerShell/Operational &aosoh**h`&t E'b&  8P!&tZA_A_ `Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h`x_e:u E'b&  8P!x_e:uZA_A_|`Microsoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahMicrosoft E'b&  8Ps-PowerShell/Operational &a8hPrational &ElfChnk(asa(asaxh~|(P=f?mMF&a**(a>rx E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j>rxZA_A_d t(aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7e4ec255-fc23-49fb-ba73-a4093824c0bb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 970252aa-280b-4c48-8c1a-dbdf93d46633 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. an**)aHx E'b&  8P9!HxZA_DA_lt)aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c({ **h*aEx E'b&  8P!ExZA_DA_lt*aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**h+aFx E'b&  8P!FxZA_A_ +aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**h,aM2x E'b&  8P!M2xZA_A_ ,aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**h-a:x E'b&  8P!:xZA_8A_4 -aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h.axcx E'b&  8P!xcxZA_8A_4 .aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**h/a6"x E'b&  8P!6"xZA_ A_ /aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atinh**h0ax E'b&  8P!xZA_ A_ 0aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aonth**x1aNUx E'b&  8P!!jNUxZA_9A_1aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 125e98c4-b3e3-46ce-b3f5-77fe97854723 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a8ced73c-be7a-41c4-89c7-2771bbf84a78 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**h2a{vx E'b&  8P!{vxZA_)A_0P2aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h3a&x E'b&  8P!&xZA_)A_0P3aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h4aafx E'b&  8P!afxZA_-A_4aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h5aRx E'b&  8P!RxZA_-A_5aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**x6aa; x E'b&  8P!!ja; xZA_A_$ 6aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 864a03df-86a4-47cc-98f7-461ec282ff33 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8dd0dd8d-d596-406e-9908-ac69fa564cd5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. aΊx E'b&  8P!ΊxZA_A_4>aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**h?a|Gky E'b&  8P!|GkyZA_sA_ ?aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**h@aTSky E'b&  8P!TSkyZA_sA_ @aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hAay E'b&  8P!yZA_ A_4AaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hBaZ1ʐy E'b&  8P!Z1ʐyZA_ A_4BaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hCa uy E'b&  8P! uyZA_A_CaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hDa5y E'b&  8P!5yZA_A_DaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**xEaZy E'b&  8P!!jZyZA_ A_lEaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1d7dc5ec-940f-4074-9a76-da44dbc3d7e6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3751fe53-9da6-4d88-a756-8648669b62cc Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. eIx**hFa}sy E'b&  8P!}syZA_ A_x l FaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hGa>y E'b&  8P!>yZA_ A_x l GaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hHa6y E'b&  8P!6yZA_ A_ HaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hIajy E'b&  8P!jyZA_ A_ IaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hJaz E'b&  8P!zZA_Q A_0JaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hKa$z E'b&  8P!$zZA_Q A_0KaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hLaCz E'b&  8P!CzZA_A_ LaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**hMaCz E'b&  8P!CzZA_A_ MaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &actih**hNaCz E'b&  8P!CzZA_A_ NaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Roh**hOa-Cz E'b&  8P!-CzZA_A_ OaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a = h**xPax()Dz E'b&  8P!!jx()DzZA_A_PaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 144a1e5e-c7d8-4895-9090-ae772695841f Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2ff45b37-d856-45ce-a85d-a3524c69fe1b Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Scx**hQaEADz E'b&  8P!EADzZA_ A_\QaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ath**hRaMDz E'b&  8P!MDzZA_ A_\RaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hSaQDz E'b&  8P!QDzZA_`A_@SaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hTaq=Dz E'b&  8P!q=DzZA_`A_@TaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hUaxz E'b&  8P!xzZA_A_ UaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hVaӂz E'b&  8P!ӂzZA_A_ VaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hWakU6z E'b&  8P!kU6zZA_ A_WaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hXaDABz E'b&  8P!DABzZA_ A_XaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hYaKz E'b&  8P!KzZA_RA_D YaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**hZaWz E'b&  8P!WzZA_RA_D ZaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &actih**[ajz E'b&  8P]!jjzZA_\A_[aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 554851e4-a59d-4e93-aa09-6d23ca2250f9 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-wypjzgpg.i5l.ps1 Engine Version = 4.0 Runspace ID = 37f47711-96a4-4092-aa2b-4753f5e77c6f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ft-W**h\avz E'b&  8P!vzZA_ A_ \aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h]âz E'b&  8P!̂zZA_ A_ ]aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a6adh**x^a,z E'b&  8P!!j,zZA_ A_ ^aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 537518a6-d393-41c8-89db-2a9877b989a0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 294333a9-3534-456f-b06e-0376cd4b91ba Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**h_az E'b&  8P!zZA_gA_@ _aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**h`a&z E'b&  8P!&zZA_gA_@ `aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**haanz E'b&  8P!nzZA_A_ aaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hbaz E'b&  8P!zZA_A_ baMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hcarz E'b&  8P!rzZA_ A_ H caMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hda^z E'b&  8P!^zZA_ A_ H daMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xeaֺqz E'b&  8P!!jֺqzZA_A_ eaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3f009b24-0b02-400e-92c2-7eccdc2c93bd Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b1ec25cc-171c-4251-a998-1b40ccd4ed17 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tcx**hfaH)z E'b&  8P!H)zZA_A_8 faMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**hgaQ45z E'b&  8P!Q45zZA_A_8 gaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hhaF@{ E'b&  8P!F@{ZA_A_ haMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hia1L{ E'b&  8P!1L{ZA_A_ iaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hja܄{ E'b&  8P!܄{ZA_A_LjaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hkaȐ{ E'b&  8P!Ȑ{ZA_A_LkaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xlaCQ{ E'b&  8P!!jCQ{ZA_=A_LPlaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ac71716e-e43b-4b07-87eb-6673e51ee3fe Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d7e1d486-ea79-4404-a606-d9743f17a8f8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rix**hma{ E'b&  8P!{ZA_>A_LmaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetAh**hna&{ E'b&  8P!&{ZA_>A_LnaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a'00h**hoa`{ E'b&  8P!`{ZA_pA_ oaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a cah**hpa { E'b&  8P! {ZA_pA_ paMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aworh**hqa;{ E'b&  8P!;{ZA_A_ qaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aetwh**hra-:H{ E'b&  8P!-:H{ZA_A_ raMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**xsaү{ E'b&  8P!!jү{ZA_A_ hsaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 24706568-10d4-4d97-b848-e577aafbc123 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = edd00d00-2a0d-46fe-8245-d1029d9d3ad5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x  8 E'b&  8Prational &ElfChnktaataa`yD,Q6ģ(=f?mMF &**Xtak{ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!k{ZA_A_@taMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hua{ E'b&  8P!{ZA_A_@uaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hvagU{ E'b&  8P!gU{ZA_ A_<vaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hwa|{ E'b&  8P!|{ZA_ A_<waMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**@xa"e{ E'b&  8P!j"e{ZA_A_ xaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b1dbe70d-a747-4337-b31b-cd0aec7a553e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e5bdaaf1-942c-49f4-930b-5128c431484f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. S@**hyaq}{ E'b&  8P!q}{ZA_A_yaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hza:{ E'b&  8P!:{ZA_A_zaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**h{a&{ E'b&  8P!&{ZA_nA_t{aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**h|a{ E'b&  8P!{ZA_oA_h |aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**h}a{ E'b&  8P!{ZA_nA_t}aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h~aN{ E'b&  8P!N{ZA_oA_h ~aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**ha2 { E'b&  8P!2 {ZA_A_0 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hak{ E'b&  8P!k{ZA_A_0 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**ha{{ E'b&  8P!{{ZA_oA_h4aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**ha${ E'b&  8P!${ZA_oA_h4aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hadz{ E'b&  8P!dz{ZA_yA_l (aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**ha&{ E'b&  8P!&{ZA_yA_l (aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**häA{ E'b&  8P!̈A{ZA_DA_` aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**haN{ E'b&  8P!N{ZA_DA_` aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**xa,{ E'b&  8P!!j,{ZA_kA_`aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3171eede-7b16-4bcf-b240-9810a666a1fb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 3fcfd37c-1b66-4127-9172-6155723babf5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**ha{ E'b&  8P!{ZA_oA_p  aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**ha{ E'b&  8P!{ZA_oA_p  aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**haC{ E'b&  8P!C{ZA_[A_D aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**haN{ E'b&  8P!N{ZA_[A_D aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**haKZ| E'b&  8P!KZ|ZA_&A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**haTVZ| E'b&  8P!TVZ|ZA_&A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**ha-t| E'b&  8P!-t|ZA_'A_( L aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**hat| E'b&  8P!t|ZA_'A_( L aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**ha* u| E'b&  8P!* u|ZA_"A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**haWu| E'b&  8P!Wu|ZA_"A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xau| E'b&  8P!!ju|ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6b43ae34-bd4d-4775-ba75-de62aac5cc98 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 78576070-3026-461c-b2fc-f4238185ee70 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**hau| E'b&  8P!u|ZA_A_|daMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**haΣu| E'b&  8P!Σu|ZA_A_|daMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**ha@Ov| E'b&  8P!@Ov|ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**ha=tv| E'b&  8P!=tv|ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**ha } E'b&  8P! }ZA_A_, aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hai } E'b&  8P!i }ZA_A_, aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**haI  } E'b&  8P!I  }ZA_A_` < aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**haQ( } E'b&  8P!Q( }ZA_A_` < aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**ha } E'b&  8P! }ZA_ A_l aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**ha} E'b&  8P!}ZA_ A_l aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**ha} E'b&  8P!}ZA_A_ laMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**ha%} E'b&  8P!%}ZA_A_ laMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xa } E'b&  8P!!j }ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 97433d9f-84bd-4f0e-b858-17164cfb7407 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 021e8e20-b947-4739-8020-933b530716e6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ntx**haw} E'b&  8P!w}ZA_A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**ha\} E'b&  8P!\}ZA_A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**ha} E'b&  8P!}ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**ha} E'b&  8P!}ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hay} E'b&  8P!y}ZA_XA_ 4 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hanP} E'b&  8P!nP}ZA_XA_ 4 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**xaF\} E'b&  8P!!jF\}ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 74a75222-d249-4578-be67-5062e2b875fe Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f853eb9b-6cf1-4fcd-9af3-0636d6ca428c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tix**haw} E'b&  8P!w}ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**haX} E'b&  8P!X}ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**ha} E'b&  8P!}ZA_A_0 X aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**haԳ} E'b&  8P!Գ}ZA_A_0 X aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xaB} E'b&  8P!!jB}ZA_A_0 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7685108c-c8ad-440a-a6c7-33b58f5c25d3 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = df53c495-a203-4e2e-941d-067e2389a9cd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hav+} E'b&  8P!v+}ZA_A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**haG7} E'b&  8P!G7}ZA_A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**haS} E'b&  8P!S}ZA_TA_< aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**ha} E'b&  8P!}ZA_TA_< aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**ha} E'b&  8P!}ZA_A_| aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**ha[$} E'b&  8P![$}ZA_A_| aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**haw } E'b&  8P!w }ZA_A_d aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**ha9} E'b&  8P!9}ZA_A_d aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**ha=} E'b&  8P!=}ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**ha.} E'b&  8P!.}ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**ha} E'b&  8P!}ZA_RA_@t aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**ha} E'b&  8P!}ZA_RA_@t aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**ha} E'b&  8P!}ZA_[A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**ha]} E'b&  8P!]}ZA_[A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**xa_} E'b&  8P!!j_}ZA_FA_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 420b1d0e-9841-4fc3-8539-649ef61cee10 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b68a02fb-12e9-4c75-87dd-33ca6701f779 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**haMw} E'b&  8P!Mw}ZA_HA_LaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**ha} E'b&  8P!}ZA_HA_LaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**ha} E'b&  8P!}ZA_A_paMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**ha} E'b&  8P!}ZA_A_paMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hair~ E'b&  8P!ir~ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hamr~ E'b&  8P!mr~ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**haԼ~ E'b&  8P!Լ~ZA_4A_8 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**ha~ E'b&  8P!~ZA_4A_8 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**ha8~ E'b&  8P!8~ZA_A_ | aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**ha1"~ E'b&  8P!1"~ZA_A_ | aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**xa-/~ E'b&  8P!!j-/~ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 733988f1-7f3c-47e9-8c8a-0457b78ecd42 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6e038eb7-5908-4ed1-b40d-9a697bd129e1 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. inx**haeBI~ E'b&  8P!eBI~ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**ha..U~ E'b&  8P!..U~ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**haBĀ~ E'b&  8P!BĀ~ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**ha-Ѐ~ E'b&  8P!-Ѐ~ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hah ! E'b&  8P!h !ZA_A_xaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &elsh**hap! E'b&  8P!p!ZA_A_xaMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**haA% E'b&  8P!A%ZA_TA_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &3adh**ha% E'b&  8P!%ZA_TA_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ROUhSYSTEM  E'b&  8Pr Message = System error. x  8 E'b&  8Prational &ElfChnkabab ]yy(=f?mMF &**Xa/O+ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!/O+ZA_]A_8 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**has[+ E'b&  8P!s[+ZA_]A_8 aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**ha+ E'b&  8P!+ZA_;A_h p aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hau+ E'b&  8P!u+ZA_;A_h p aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**@auV, E'b&  8P!juV,ZA_A_h  aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 5429267f-8350-450c-9ea6-74a0f2f3a267 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6fa0afd7-d7ad-43a5-b832-5274ce47358e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. S@**ha(E-, E'b&  8P!(E-,ZA_A_X aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**ha09, E'b&  8P!09,ZA_A_X aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**haG1 E'b&  8P!G1ZA_'A_ d aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**ha(1 E'b&  8P!(1ZA_'A_ d aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**haD1 E'b&  8P!D1ZA_(A_4aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**haE1 E'b&  8P!E1ZA_(A_4aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**xa=2 E'b&  8P!!j=2ZA_ A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d2361493-4001-499a-94f8-5c430de6f0fd Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 37d85e8f-33fa-46bc-8a11-f7aa449b746f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**ha_2 E'b&  8P!_2ZA_qA_D aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hasj2 E'b&  8P!sj2ZA_qA_D aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hak2 E'b&  8P!k2ZA_zA_p aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**ha`2 E'b&  8P!`2ZA_zA_p aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**xa2 E'b&  8P!!j2ZA_F!A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = aa9697fc-a6ad-4315-94fd-8b4c0abef330 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5216a476-0e6a-4cde-8c21-f4ed072f9365 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P!>ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**ha3+ E'b&  8P!3+ZA_A_ aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rsh**xa = E'b&  8P!!j =ZA_j#A_aMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 4f50c065-951a-4c37-a0c2-249d2d44a4f0 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = df2b9037-0298-464a-b7b4-caf36c3c64bd Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error.  E'b&  8P! >ZA_a'A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tih**hb.C E'b&  8P!.CZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hbqC E'b&  8P!qCZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**hbC E'b&  8P!CZA_'A_0bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hbtC E'b&  8P!tCZA_'A_0bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xbTOD E'b&  8P!!jTODZA_@(A_0pbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d5ae5cb8-a7f2-4320-8ed0-153baee75a93 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e272300b-c414-4cc3-b8d0-c4c894f1fe29 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hbB.uD E'b&  8P!B.uDZA_D(A_` bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hbb@D E'b&  8P!b@DZA_D(A_` bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hbI E'b&  8P!IZA_EA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h bI E'b&  8P!IZA_EA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h bJ E'b&  8P!JZA_(A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h b$&J E'b&  8P!$&JZA_(A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**x bzLJ E'b&  8P!!jzLJZA_)A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 622c57ff-8baf-463e-9b75-f1a2f5b02909 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2eaeab0b-a31a-4e9e-b2d6-9a28ece8d6c0 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**h bJ E'b&  8P!JZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hb|J E'b&  8P!|JZA_A_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hbJ E'b&  8P!JZA_!)A_tbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &(-nh**hbJ E'b&  8P!JZA_!)A_tbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ $h**xb=K E'b&  8P!!j=KZA_ *A_tT bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 159ffc61-60c0-4841-972f-a442d315e01e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a17f447a-80c6-406d-b5a7-da4f5b00b8d3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. A_t 4bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at -h**h5b\ E'b&  8P!\ZA_>A_t 5bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h6b\ E'b&  8P!\ZA_80A_h 6bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atanh**h7b۴\ E'b&  8P!۴\ZA_80A_h 7bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &addrh**x8b9] E'b&  8P!!j9]ZA_A_h X 8bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = a74d138c-ce25-4a5a-ba8a-8a550f21b4b2 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5876c2e3-6647-4776-a9df-c4081dc17bf6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**h9b_] E'b&  8P!_]ZA_A_ 9bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**h:bOk] E'b&  8P!Ok]ZA_A_ :bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**h;bYRA_ E'b&  8P!YRA_ZA_0A_ ;bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hb%}_ E'b&  8P!%}_ZA_A_T @>bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &arsh**x?b!_ E'b&  8P!!j!_ZA_1A_T ?bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 06b60713-bd38-47b8-a339-2acf9c820853 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c1a79904-7323-4580-95e1-4b4cff969dab Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. A_ |bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 0b53ac32-6113-452b-8f52-5a587d7e9d02 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = de883a27-ea2c-492c-b67e-6363949e0e3a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hb(2 E'b&  8P!(2ZA_sA_4 bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hb>> E'b&  8P!>>ZA_sA_4 bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a (h**hb E'b&  8P!ZA_?A_TbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aceIh**hbͰ E'b&  8P!ͰZA_?A_TbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a= $h**hb] E'b&  8P!]ZA_A_xbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a(-nh**hbi E'b&  8P!iZA_A_xbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a{ $h**hbWR E'b&  8P!WRZA_A_ \bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at {h**hb,^ E'b&  8P!,^ZA_A_ \bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hb  E'b&  8P! ZA_@A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hb/ E'b&  8P!/ZA_@A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atih**hbN E'b&  8P!NZA_*A_p4bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hbaY E'b&  8P!aYZA_*A_p4bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aersh**xb]č E'b&  8P!!j]čZA_ AA_pbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ff3d0657-6137-4c7d-af31-6b9368b69e6e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8dd4702e-99f8-4837-8159-efdb2cbb4120 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hb鍇 E'b&  8P!鍇ZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sch**hb. E'b&  8P!.ZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a -h**hbŖ E'b&  8P!ŖZA_bAA_4bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hbі E'b&  8P!іZA_bAA_4bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**b䖇 E'b&  8P]!j䖇ZA_kAA_4bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6099961e-29ec-4829-84f9-8a0a4081b46e Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-4zkamd30.q0e.ps1 Engine Version = 4.0 Runspace ID = 30546a75-a14f-48d0-8370-ac941cac6b59 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ft-W**hbW E'b&  8P!WZA_sAA_t bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a1fch**hb E'b&  8P!ZA_sAA_t bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &and h**xbr^ E'b&  8P!!jr^ZA_A_t |bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b2baa036-87d3-4a9e-bec4-38b0ee1997cb Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c47dcf9c-0789-41fe-a578-f21feb07a003 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -Wx**hb E'b&  8P!ZA_A_X bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hbh< E'b&  8P!h<ZA_A_X bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hbVX E'b&  8P!VXZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hb#d E'b&  8P!#dZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hb{c E'b&  8P!{cZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hbDO E'b&  8P!DOZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xb\d홇 E'b&  8P!!j\d홇ZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = d0b964ac-4f52-4db3-a086-d47c7f513972 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = d612f862-8601-4688-acf9-01eaaa6c5529 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. twx**hbFB E'b&  8P!FBZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aatch**hbN E'b&  8P!NZA_A_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aameh**hb9ே E'b&  8P!9ேZA_ZBA_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ahelh**hb쯇 E'b&  8P!쯇ZA_ZBA_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hbD# E'b&  8P!D#ZA_A_0 bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**hb x/ E'b&  8P! x/ZA_A_0 bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &at-Wh**xb E'b&  8P!!jZA_TCA_0bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1aced27b-3c19-4d8c-8f0c-973525337bef Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8da40b30-6ab7-4122-b83b-1283b74d25de Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x  8 E'b&  8Prational &ElfChnkbcbc($+nnܸ"(=f?mMF&**Xb E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!ZA_A_d bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hb} E'b&  8P!}ZA_A_d bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hba䴇 E'b&  8P!a䴇ZA_CA_d 4bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hb@ E'b&  8P!@ZA_CA_d 4bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**hb:j E'b&  8P!:jZA_CA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hbe E'b&  8P!eZA_CA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &00-h**@b~ E'b&  8P!j~ZA_$DA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(A?oData= ContextInfo A'=UserData A%=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 67cfbea1-ff83-4c11-bf29-ab561f233ff1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 2f1f1f54-64ac-43ee-8465-a7fb614cc31a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. s@**hb E'b&  8P!ZA_A_hbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hbF E'b&  8P!FZA_A_hbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hbƵ E'b&  8P!ƵZA_A_| ,bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hbҵ E'b&  8P!ҵZA_A_| ,bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**xb1 E'b&  8P!!j1ZA_DA_| bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = daf33598-f459-46f3-8aba-d3988af2f6bc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9a1002ec-1d34-4176-9562-652e72e2573c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. (x**hbL E'b&  8P!LZA_DA_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ceIh**hbX E'b&  8P!XZA_DA_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &= $h**hbv E'b&  8P!vZA_DA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hb ¶ E'b&  8P! ¶ZA_A_ H bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hbͶ E'b&  8P!ͶZA_DA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hbFζ E'b&  8P!FζZA_A_ H bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hb㶇 E'b&  8P!㶇ZA_DA_dbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hb& E'b&  8P!&ZA_DA_dbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hb] E'b&  8P!]ZA_A_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hb] E'b&  8P!]ZA_A_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**hbg E'b&  8P!gZA_A_X bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &CAdh**hbkg E'b&  8P!kgZA_A_X bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ce h**hb h E'b&  8P! hZA_EA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &queh**hb$!h E'b&  8P!$!hZA_EA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &8h**xbxh E'b&  8P!!jxhZA_FA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = eae5f3b8-da37-4550-b65a-a28061d2ab40 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 7310af7a-5c48-4715-94d6-9d548c573d16 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. $x**hb)ch E'b&  8P!)chZA_FA_TbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t {h**hbih E'b&  8P!ihZA_FA_TbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &mach**hb_i E'b&  8P!_iZA_QA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hbIi E'b&  8P!IiZA_QA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hbA E'b&  8P!AZA_A_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hbu E'b&  8P!uZA_A_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hbeA E'b&  8P!eAZA_|GA_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hb- E'b&  8P!-ZA_|GA_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hb E'b&  8P!ZA_A_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hb E'b&  8P!ZA_A_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**xbT E'b&  8P!!jTZA_vHA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6bec150b-d56e-4206-b2ad-3a78374ff53a Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 330d2888-a2e7-4e02-bb11-c6992f3457d8 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rsx**hb=m E'b&  8P!=mZA_zHA_8 bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hby E'b&  8P!yZA_zHA_8 bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hbi# E'b&  8P!i#ZA_.A_LbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hb\ E'b&  8P!\ZA_.A_LbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hbz3 E'b&  8P!z3ZA_4A_d bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hbC? E'b&  8P!C?ZA_4A_d bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onth**hba0 E'b&  8P!a0ZA_4JA_D 4bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t -h**hb6= E'b&  8P!6=ZA_4JA_D 4bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hb:t E'b&  8P!:tZA_5JA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hb& E'b&  8P!&ZA_5JA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ddrh**xb!J轉 E'b&  8P!!j!J轉ZA_JA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9cc74d60-338c-44d7-9b31-f60a48c8abd1 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 69a483c1-9a94-4cbb-a3d9-2eb77d1ed914 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. acx**hb E'b&  8P!ZA_mA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Sch**hbs E'b&  8P!sZA_mA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tih**hbG! E'b&  8P!G!ZA_A_ TbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hbc E'b&  8P!cZA_A_ TbMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hb%  E'b&  8P!% ZA_cKA_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hb5 E'b&  8P!5ZA_cKA_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**xbK‰ E'b&  8P!!jK‰ZA_KA_8bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = f358de1e-25c5-460f-b1a4-8fcb926bec83 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9d39427d-2047-4293-af26-0f95d1c8b0d6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. -x**hbVm‰ E'b&  8P!Vm‰ZA_4 A_ (bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hb/xy‰ E'b&  8P!/xy‰ZA_4 A_ (bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hbї‰ E'b&  8P!ї‰ZA_@ A_T bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hbƽ‰ E'b&  8P!ƽ‰ZA_@ A_T bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Winh**xbXÉ E'b&  8P!!jXÉZA_oLA_bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 3635c936-123d-4b3f-8e7e-1dc0572b0c35 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = fa50caf7-07f4-4ea8-aca2-4a70004aa239 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Gx**hb É E'b&  8P! ÉZA_sLA_L L bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-anh**hb[)É E'b&  8P![)ÉZA_sLA_L L bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &y -h**hbÉ E'b&  8P!ÉZA_ A_h4 bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hbçÉ E'b&  8P!çÉZA_LA_ bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hbƛÉ E'b&  8P!ƛÉZA_ A_h4 bMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hcƛÉ E'b&  8P!ƛÉZA_LA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc~ۻÉ E'b&  8P!~ۻÉZA_ A_8 X cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hcÉ E'b&  8P!ÉZA_ A_8 X cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hcߊR E'b&  8P!ߊRZA_MA_0cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hcajR E'b&  8P!ajRZA_MA_0cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc\t E'b&  8P!\tZA_1NA_DcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hct E'b&  8P!tZA_1NA_DcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hct E'b&  8P!tZA_A A_< cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hct E'b&  8P!tZA_A A_< cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**x czPQu E'b&  8P!!jzPQuZA_z A_h cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = ed4ad9e8-6591-4574-afd4-5072a3e2389e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 5bf766fe-96a4-4c8a-bec9-c59c89f89121 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h cʏlu E'b&  8P!ʏluZA_NA_d cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h c\{xu E'b&  8P!\{xuZA_NA_d cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h c1u E'b&  8P!1uZA_ A_  cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h cpu E'b&  8P!puZA_ A_  cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hc e E'b&  8P! eZA_PA_L,cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Exeh**hc/s E'b&  8P!/sZA_PA_L,cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tinh**hcw' E'b&  8P!w'ZA_N A_ 4cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &uteh**hcI=' E'b&  8P!I='ZA_N A_ 4cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &adah**hc' E'b&  8P!'ZA_Z A_` cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rouh**hc' E'b&  8P!'ZA_Z A_` cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h$cfg = Get-C E'b&  8Ponj0(ZA_ A_` cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @{ $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 8da40b30-6ab7-4122-b83b-1283b74d25de Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x  8 E'b&  8Prational &ElfChnkcRccRcpXa4 <(P=f?mMF&a**c0( E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8P!j0(ZA_ A_` cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational p;)(D EventDataA?PoData= ContextInfo A'P=UserData A%P=Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 547656ba-fe88-4129-ada9-d118706eef69 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f2384116-be3e-4174-bcac-06c7533702da Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. ) {**cL( E'b&  8P9!L(ZA_0QA_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a&| p)c((-**hcX( E'b&  8P!X(ZA_0QA_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hc|;( E'b&  8P!|;(ZA_ A_(P cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &act h**hc ( E'b&  8P! (ZA_ A_(P cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a$mah**hc) E'b&  8P!)ZA_LRA_x, cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a Sh**hc1 %) E'b&  8P!1 %)ZA_LRA_x, cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ash**H/cO9* E'b&  8P-!jO9*ZA_ A_x cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational -@ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b199bbfb-6023-41e4-8c89-545ba8a461b6 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $os = Get-CimInstance -ClassName Win32_OperatingSystem $license = Get-CimInstance -ClassName SoftwareLicensingProduct | Where-Object { $_.PartialProductKey -ne $null -and $_.Name -like "*Windows*" } | Select-Object -First 1 $slService = Get-CimInstance -ClassName SoftwareLicensingService -ErrorAction SilentlyContinue # Activation status mapping $activationStatus = "unknown" if ($license) { switch ($license.LicenseStatus) { 0 { $activationStatus = "unlicensed" } 1 { $activationStatus = "activated" } 2 { $activationStatus = "out_of_box_grace" } 3 { $activationStatus = "out_of_tolerance_grace" } 4 { $activationStatus = "non_genuine_grace" } 5 { $activationStatus = "notification" } 6 { $activationStatus = "extended_grace" } default { $activationStatus = "unknown" } } } # Edition name mapping from SKU $editionName = "Unknown" $licenseFamily = "Unknown" if ($os.OperatingSystemSKU) { switch ($os.OperatingSystemSKU) { 7 { $editionName = "Server Standard"; $licenseFamily = "ServerStandard" } 8 { $editionName = "Server Datacenter"; $licenseFamily = "ServerDatacenter" } 10 { $editionName = "Server Enterprise"; $licenseFamily = "ServerEnterprise" } 12 { $editionName = "Server Datacenter (Core)"; $licenseFamily = "ServerDatacenter" } 13 { $editionName = "Server Standard (Core)"; $licenseFamily = "ServerStandard" } 14 { $editionName = "Server Enterprise (Core)"; $licenseFamily = "ServerEnterprise" } 39 { $editionName = "Server Datacenter (No GUI)"; $licenseFamily = "ServerDatacenter" } 40 { $editionName = "Server Standard (No GUI)"; $licenseFamily = "ServerStandard" } default { $editionName = $os.Caption } } } # Detect server role (Full GUI, Server Core, Nano) $serverRole = "Full GUI" $installationType = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name InstallationType -ErrorAction SilentlyContinue if ($installationType) { switch ($installationType.InstallationType) { "Server Core" { $serverRole = "Server Core" } "Nano Server" { $serverRole = "Nano Server" } default { $serverRole = "Full GUI" } } } # KMS/MAK activation details $metadata = @{ license_channel = "Unknown" license_family = $licenseFamily server_role = $serverRole } # Get KMS server information $kmsReg = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" -ErrorAction SilentlyContinue if ($kmsReg) { if ($kmsReg.KeyManagementServiceMachine) { $metadata.kms_server = $kmsReg.KeyManagementServiceMachine if ($kmsReg.KeyManagementServicePort) { $metadata.kms_server = "$($kmsReg.KeyManagementServiceMachine):$($kmsReg.KeyManagementServicePort)" } $metadata.license_channel = "Volume" } if ($kmsReg.VLActivationInterval) { $metadata.activation_interval = $kmsReg.VLActivationInterval } if ($kmsReg.VLRenewalInterval) { $metadata.renewal_interval = $kmsReg.VLRenewalInterval } } # Grace period and expiration info if ($license) { if ($license.GracePeriodRemaining) { $graceDays = [math]::Floor($license.GracePeriodRemaining / 1440) $metadata.grace_period_remaining = $graceDays } # License channel detection if ($license.ProductKeyChannel) { $metadata.license_channel = $license.ProductKeyChannel } elseif ($license.Description -match "MAK") { $metadata.license_channel = "MAK" } elseif ($license.Description -match "KMS") { $metadata.license_channel = "Volume" } elseif ($license.Description -match "OEM") { $metadata.license_channel = "OEM" } elseif ($license.Description -match "Retail") { $metadata.license_channel = "Retail" } # License family from product if ($license.LicenseFamily) { $metadata.license_family = $license.LicenseFamily } } # Terminal Services / RDS CAL information $tsLicensingMode = "Not configured" $tsPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core" if (Test-Path $tsPath) { $licensing = Get-ItemProperty -Path $tsPath -ErrorAction SilentlyContinue if ($licensing -and $licensing.LicensingMode) { switch ($licensing.LicensingMode) { 2 { $tsLicensingMode = "Per Device" } 4 { $tsLicensingMode = "Per User" } 5 { $tsLicensingMode = "Not Configured" } default { $tsLicensingMode = "Unknown" } } $metadata.rds_licensing_mode = $tsLicensingMode } } # Check for domain membership (affects CAL requirements) $computerSystem = Get-CimInstance -ClassName Win32_ComputerSystem -ErrorAction SilentlyContinue if ($computerSystem) { if ($computerSystem.PartOfDomain) { $metadata.domain_joined = $true $metadata.domain_name = $computerSystem.Domain } else { $metadata.domain_joined = $false } } $result = @{ ProductName = $os.Caption Version = $os.Version Edition = $editionName PartialKey = if ($license) { $license.PartialProductKey } else { "" } ActivationStatus = $activationStatus LicenseType = if ($license) { $license.Description } else { "" } Metadata = ($metadata | ConvertTo-Json -Compress) } $result | ConvertTo-Json Engine Version = 4.0 Runspace ID = 4603a6d4-159d-4410-8da9-7f7ead1e596a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rActH/**hcMdU* E'b&  8P!MdU*ZA_sRA_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ae |h**hca* E'b&  8P!a*ZA_sRA_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aeakh**hc#+ E'b&  8P!#+ZA_ A_( cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ammah**hcx+ E'b&  8P!x+ZA_ A_( cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &awayh**h cTZ+ E'b&  8P!TZ+ZA_RA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atewh**h!c%F+ E'b&  8P!%F+ZA_RA_ !cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**h"cpR, E'b&  8P!pR,ZA_ A_ ` "cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah =h**h#c6^, E'b&  8P!6^,ZA_ A_ ` #cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h$cs, E'b&  8P!s,ZA_RA_X $cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h%c, E'b&  8P!,ZA_RA_X %cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h&c6 E'b&  8P!6ZA_RA_th&cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h'c? E'b&  8P!?ZA_RA_th'cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h(cj̋ E'b&  8P!j̋ZA_SA_d(cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h)cD̋ E'b&  8P!D̋ZA_SA_d)cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h*c[<Ջ E'b&  8P![<ՋZA_8SA_$` *cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h+c'Ջ E'b&  8P!'ՋZA_8SA_$` +cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**,c:Ջ E'b&  8P]!j:ՋZA_ A_$ ,cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 6d1ea454-4c13-4e63-92ce-51e326150073 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-2k1wjrqh.wkg.ps1 Engine Version = 4.0 Runspace ID = 9014c3bf-99a9-45bc-91c7-1dd061442545 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. lyCo**h-cՋ E'b&  8P!ՋZA_ A_lL -cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atlyh**h.cl7֋ E'b&  8P!l7֋ZA_ A_lL .cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &abjeh**x/c.r֋ E'b&  8P!!j.r֋ZA_ A_l/cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 8a5a2db7-1489-4189-9fa7-e3317f536606 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 6b4308da-4a59-4032-97ef-2ca26f14965a Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h0cS֋ E'b&  8P!S֋ZA_ A_$ 0cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h1c Χ֋ E'b&  8P! Χ֋ZA_ A_$ 1cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h2cY؋ E'b&  8P!Y؋ZA_SA_L L 2cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h3che؋ E'b&  8P!he؋ZA_SA_L L 3cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h4c>|؋ E'b&  8P!>|؋ZA_SA_ 4cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h5cj*؋ E'b&  8P!j*؋ZA_SA_ 5cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**x6cZ؋ E'b&  8P!!jZ؋ZA_ A_, 6cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 80e483c9-6c19-460d-9a0b-769ddd33ee84 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c2e395f5-3bd6-462d-91fc-6a6a8fe3ea43 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**h7c E'b&  8P!ZA_TA_4 L7cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h8c E'b&  8P!ZA_TA_4 L8cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h9ck E'b&  8P!kZA_TA_ X 9cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h:cϘ E'b&  8P!ϘZA_TA_ X :cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h;c E'b&  8P!ZA_TA_ ;cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hc1a E'b&  8P!1aZA_A_>cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h?cl E'b&  8P!lZA_A_?cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**h@c E'b&  8P!ZA_]A_  @cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hAcAX E'b&  8P!AXZA_]A_  AcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hBcZ E'b&  8P!ZZA_~A_44BcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a poh**hCc, E'b&  8P!,ZA_~A_44CcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ayCoh**xDcjZ E'b&  8P!!jjZZA_UA_4DcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 04cfa27a-a2fb-42a0-8bbb-6a6553261355 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9e9e6be5-760b-43b2-a0e7-a3abb0d306af Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hEc} E'b&  8P!}ZA_UA_EcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hFcA4 E'b&  8P!A4ZA_UA_FcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hGcã E'b&  8P!ãZA_ A_ DGcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**hHcZ E'b&  8P!ZZA_ A_ DHcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ah**xIcq E'b&  8P!!jqZA_SA_ IcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = fbc5642c-32f3-4759-8ae5-cba9047fa120 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a1ed3836-9a05-4015-a5aa-b852ce3f4698 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. rfx**hJcKn) E'b&  8P!Kn)ZA_WA_ JcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &amach**hKcZ5 E'b&  8P!Z5ZA_WA_ KcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ifh**hLcoњ E'b&  8P!oњZA_VA_ LcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aecth**hMc{z E'b&  8P!{zZA_VA_ McMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &abjeh**hNc` E'b&  8P!`ZA_A_<,NcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a { h**hOc8 E'b&  8P!8ZA_A_<,OcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a h**hPc] E'b&  8P!]ZA_VA_PcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a. h**`Qc. E'b&  8P !j.ZA_A_<`QcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational | p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = dd57da33-3141-4408-9a1c-dd252403e57b Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) { Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force if (-not (Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue)) { Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force } if ((Get-PSRepository -Name 'PSGallery').InstallationPolicy -ne 'Trusted') { Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted } Install-Module -Name PSWindowsUpdate -Force -AllowClobber -Scope CurrentUser } Import-Module PSWindowsUpdate -Force $pending = @(Get-WindowsUpdate -IsInstalled $false -ErrorAction Stop | Where-Object { $_.IsDownloaded -ne $true }) if ($pending.Count -eq 0) { Write-Output "No updates need to be downloaded (all available updates are already downloaded)" exit 0 } Get-WindowsUpdate -Download -AcceptAll -IgnoreReboot -ErrorAction Stop | Out-Null Write-Output ("Downloaded available updates via PSWindowsUpdate (pending before download: " + $pending.Count + ")") exit 0 } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = f5ff4da6-d67f-4cdb-a455-70530f6b472d Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 18 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-PackageProvider' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException `**hRcЁ E'b&  8P!ЁZA_VA_RcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &aTEMh Shel E'b&  8Pe = System error. x  8 E'b&  8Prational &ElfChnkSccScc!ot(=f?mMF &**XSc E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!ZA_A_| ScMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**hTc~ E'b&  8P!~ZA_A_| TcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Hoh**hUc:; E'b&  8P!:;ZA_VA_ UcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &op'h**hVcjBH E'b&  8P!jBHZA_VA_ VcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eMeh**Wc[Z E'b&  8PU!j[ZZA_VA_ WcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A?oData= ContextInfo A'=UserData A%=Payload p Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 33b27b8b-9608-4150-9d05-a8cb1d1d9607 Host Application = powershell.exe -NoProfile -NonInteractive -Command try { $ErrorActionPreference = "Stop" $ProgressPreference = "SilentlyContinue" if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) { Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force if (-not (Get-PackageProvider -Name NuGet -ErrorAction SilentlyContinue)) { Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force } if ((Get-PSRepository -Name 'PSGallery').InstallationPolicy -ne 'Trusted') { Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted } Install-Module -Name PSWindowsUpdate -Force -AllowClobber -Scope CurrentUser } Import-Module PSWindowsUpdate -Force $updates = @(Get-WindowsUpdate -IsInstalled $false -ErrorAction Stop | Where-Object { $_.IsDownloaded -eq $true }) foreach ($u in $updates) { $kb = "" if ($u.KBArticleIDs -and $u.KBArticleIDs.Count -gt 0) { $kb = $u.KBArticleIDs[0] } [PSCustomObject]@{ Title = $u.Title Size = $u.Size KB = $kb Categories = ($u.Categories | ForEach-Object { $_.Name }) -join "," Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { "Unknown" } Description = $u.Description IsDownloaded = $u.IsDownloaded SupportUrl = $u.SupportUrl } | ConvertTo-Json -Compress Write-Output "---SEPARATOR---" } exit 0 } catch { Write-Error $_.Exception.Message; exit 1 } Engine Version = 4.0 Runspace ID = 066d81fc-e0cb-4cf6-a8bc-850c0b99c01d Pipeline ID = 1 Command Name = Command Type = Script Script Name = Command Path = Sequence Number = 18 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'Get-PackageProvider' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = Microsoft.PowerShell.Commands.WriteErrorException A_x**hXc,qk E'b&  8P!,qkZA_A_,lXcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ersh**hYc\w E'b&  8P!\wZA_A_,lYcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Geh**hZcMG E'b&  8P!MGZA_WA_44ZcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e "h**h[c3 E'b&  8P!3ZA_WA_44[cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**h\cf= E'b&  8P!f=ZA_3A_< \cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &onSh**h]c) E'b&  8P!)ZA_3A_< ]cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &} h**h^c6ǎ E'b&  8P!6ǎZA_WA_l ^cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &milh**h_cmю E'b&  8P!mюZA_WA_l _cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Namh**h`c s E'b&  8P! sZA_$XA_  `cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Dah**hacɪ E'b&  8P!ɪZA_$XA_  acMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &erph**hbcP檌 E'b&  8P!P檌ZA_A_t bcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tanh**hcc E'b&  8P!ZA_A_t ccMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Fulh**xdctY E'b&  8P!!jtYZA_XA_dcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 332fc203-f7b7-4701-b2fc-42891a65518b Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = faabe413-b8a6-4e8c-9b2c-b0bc26087d19 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hecMq E'b&  8P!MqZA_XA_8 $ ecMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &esth**hfc*} E'b&  8P!*}ZA_XA_8 $ fcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Modh**hgc㫌 E'b&  8P!㫌ZA_aA_ gcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &n" h**hhc'` E'b&  8P!'`ZA_aA_ hcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Wih**hicrP' E'b&  8P!rP'ZA_kA_<icMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &$coh**hjc' E'b&  8P!'ZA_kA_<jcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Ph**hkcMA E'b&  8P!MAZA_BZA_ kcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hlcI7A E'b&  8P!I7AZA_BZA_ lcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hmc] E'b&  8P!]ZA_uZA_4 mcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &YSTh**hncǘ] E'b&  8P!ǘ]ZA_uZA_4 ncMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hoc4] E'b&  8P!4]ZA_|ZA_ X ocMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**hpco] E'b&  8P!o]ZA_|ZA_ X pcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mich**xqc](^ E'b&  8P!!j](^ZA_ZA_ qcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9b58aeef-daa4-4f45-b6e6-f97457b91637 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a1f0d417-942f-48a0-9cf8-858e9ead2ada Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hrc!A^ E'b&  8P!!A^ZA_ZA_ 4rcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hsc M^ E'b&  8P! M^ZA_ZA_ 4scMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**htca^ E'b&  8P!a^ZA_A_, tcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t Nh**huc^ E'b&  8P!^ZA_A_, ucMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rshh**hvc@@ E'b&  8P!@@ZA_[A_\ vcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d06h**hwc( E'b&  8P!(ZA_[A_\ wcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & WOh**hxcg E'b&  8P!gZA_"A_0xcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & -ch**hycr E'b&  8P!rZA_"A_0ycMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & .ch**hzcnH E'b&  8P!nHZA_ \A_d0 zcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &/ch**h{cK4 E'b&  8P!K4ZA_ \A_d0 {cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &on h**|cG E'b&  8P]!jGZA_\A_d |cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = e24fbcef-0b11-40ff-96a4-ac44a8a0c017 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\Windows\TEMP\neptune-install-kbxytof3.00p.ps1 Engine Version = 4.0 Runspace ID = 6cb2a721-691a-4063-89c2-a2997dfd09a7 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. te a**h}c9 E'b&  8P!9ZA_\A_<|}cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**h~c( E'b&  8P!(ZA_\A_<|~cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**xcIg E'b&  8P!!jIgZA_z\A_<cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 87375572-1ddd-40bb-99f0-9aa709fe5bdc Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 33a41a01-e743-49c2-a47d-05fe1cc1932c Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tix**hc E'b&  8P!ZA_A_@ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hc? E'b&  8P!?ZA_A_@ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**hc뎙 E'b&  8P!뎙ZA_A_4T cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hcz E'b&  8P!zZA_A_4T cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**hc  E'b&  8P! ZA_A_@cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**hcg1 E'b&  8P!g1ZA_A_@cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**xc?@* E'b&  8P!!j?@*ZA_YA_XcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = b68755e7-e0f3-4ce5-b1a4-aeb4f4fe01f9 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = b9eb31be-eed3-4bb4-8e62-694cb27d8fa6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tix**hc~  E'b&  8P!~ ZA_]A_( cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hc/  E'b&  8P!/ ZA_]A_( cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**hcQm E'b&  8P!QmZA_]A_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hcy E'b&  8P!yZA_]A_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**hc E'b&  8P!ZA_eA_L cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**hc E'b&  8P!ZA_eA_L cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**xc- E'b&  8P!!j-ZA_A_L|cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1481a556-749d-4563-a939-3a3383a540e5 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = a298dc83-1034-4a51-abe8-4e597882fab3 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. tix**hc cE E'b&  8P! cEZA_A_LcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tioh**hcf9Q E'b&  8P!f9QZA_A_LcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &) {h**hct  E'b&  8P!t ZA_A_tXcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hcM  E'b&  8P!M ZA_A_tXcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**hc ! E'b&  8P! !ZA_^A_ dcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**hc! E'b&  8P!!ZA_^A_ dcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**xc~x! E'b&  8P!!j~x!ZA_0A_ p cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 120695c8-b8b5-4863-aa1d-f97e84cb1359 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = c6379f88-7983-44f3-9e0a-5890533d9317 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. {x**hc|! E'b&  8P!|!ZA_4A_ xcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &terh**hcʨ! E'b&  8P!ʨ!ZA_4A_ xcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &e ah**hcy! E'b&  8P!y!ZA_V_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $ch**hc:! E'b&  8P!:!ZA_V_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & { h**xcQ1" E'b&  8P!!jQ1"ZA_Q`A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 71a2624d-f0e4-48c1-9d49-7ff7c2e2dd27 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = df4cf2a1-2a24-42f8-965c-9266c1f4e60f Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Nx**hcJ" E'b&  8P!J"ZA_U`A_|8cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &andh**hcvV" E'b&  8P!vV"ZA_U`A_|8cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &cuth**hc/" E'b&  8P!/"ZA_PA_ (cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ionh**hcű" E'b&  8P!ű"ZA_PA_ (cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-Moh**hcѶ" E'b&  8P!Ѷ"ZA_SA_(cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Stoh**hc" E'b&  8P!"ZA_aA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hc " E'b&  8P! "ZA_SA_(cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & doh**hc`" E'b&  8P!`"ZA_aA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &530h**hc%0ʎ E'b&  8P!%0ʎZA_A_@cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Useh**hc ˎ E'b&  8P! ˎZA_A_@cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ramh**hc7ӎ E'b&  8P!7ӎZA_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &a ph**hc/ӎ E'b&  8P!/ӎZA_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc, Ԏ E'b&  8P!, ԎZA_A_ pcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h  E'b&  8P8 E'b&  8Prational &ElfChnkcdcd0FHy( =f?mMF &**Xc`Ԏ E'b&E'bUa4UxLIDwEAM Eventjxmlns5http://schemas.microsoft.com/win/2004/08/events/eventoTSystemAY{Provider6F=KNameX)GuidAMzaEventID'X) Qualifiers " Version dLevelE{Task ?Opcode$fjKeywordsAP; TimeCreated'j<{ SystemTime .F EventRecordID A Correlation\FF ActivityIDmz5RelatedActivityID Am ExecutionHFF ProcessID9ThreadID "aChannel<F;nComputer FILF-APP-RECAB.SecurityfLUserID !  8PU!`ԎZA_A_ pcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &&| p)c."(D EventDataX**@c }Ԏ E'b&  8P!j }ԎZA_ A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  p;)(A? oData= ContextInfo A' =UserData A% =Payload @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 67672859-8cc0-4c9d-ba2a-2bdb0a7d7bd7 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 515f7fcc-bd9f-4452-899a-de78bd3295ce Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. o@**hcԎ E'b&  8P!ԎZA_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &_.Eh**hc Ԏ E'b&  8P! ԎZA_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Comh**hc Վ E'b&  8P! ՎZA_A_dcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &rorh**hcՎ E'b&  8P!ՎZA_A_dcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ed h**hc} E'b&  8P!}ZA_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ullh**hc} E'b&  8P!}ZA_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hc E'b&  8P!ZA_MA_$ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hc򿆏 E'b&  8P!򿆏ZA_MA_$ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hcg!ۆ E'b&  8P!g!ۆZA_VA_$ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hcބ熏 E'b&  8P!ބ熏ZA_VA_$ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xcM E'b&  8P!!jMZA_WeA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 2487bce6-152c-4ab1-aa38-8f4fbf47bc17 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = ddf882d3-51aa-4631-aff0-4b921bb4d22d Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hcg E'b&  8P!gZA_\eA_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mach**hcxq E'b&  8P!xqZA_\eA_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d th**hc⇏ E'b&  8P!⇏ZA_A_4$cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &g =h**hc E'b&  8P!ZA_A_4$cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hc E'b&  8P!ZA_ fA_0 cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & ($h**hcG E'b&  8P!GZA_ fA_0 cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hcW%V% E'b&  8P!W%V%ZA_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &TEMh**hcb% E'b&  8P!b%ZA_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hc`% E'b&  8P!`%ZA_(fA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**hcL% E'b&  8P!L%ZA_(fA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &osoh**xc3& E'b&  8P!!j3&ZA_fA_ pcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 243152ce-bade-4aff-ae44-475b7e1a332e Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 79ab7c93-4752-4f15-a182-42b4a078605e Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. Pox**hc!:& E'b&  8P!!:&ZA_QA_4 $ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Preh**hcڒF& E'b&  8P!ڒF&ZA_QA_4 $ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hc8. E'b&  8P!8.ZA_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Mach**hcoE . E'b&  8P!oE .ZA_A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &d th**hcö>. E'b&  8P!ö>.ZA_A_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &g =h**hc˙L. E'b&  8P!˙L.ZA_A_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**xc(. E'b&  8P!!j(.ZA_gA_0cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 1a5ed1ec-ddde-459a-92b4-72e5385d0fac Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = f2ec293d-f774-4187-8563-815e0e7d23a6 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hc. E'b&  8P!.ZA_!A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hc. E'b&  8P!.ZA_!A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hc. E'b&  8P!.ZA_(A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &me h**hcߎ/ E'b&  8P!ߎ/ZA_(A_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ll.h**xci/ E'b&  8P!!ji/ZA_A_  cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 7a9cb81f-eeea-4460-bad7-99ebcde67cd4 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = 9ef10ac3-7575-450c-8e46-39378df83312 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. { x**hc6M/ E'b&  8P!6M/ZA_A_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & }h**hc8/ E'b&  8P!8/ZA_A_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hcNw/ E'b&  8P!Nw/ZA_ iA_tcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &1cch**hcn/ E'b&  8P!n/ZA_A_ 0 cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ORKh**hcJ/ E'b&  8P!J/ZA_ iA_tcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc^90 E'b&  8P!^90ZA_A_ 0 cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hcq0 E'b&  8P!q0ZA_iA_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc0 E'b&  8P!0ZA_iA_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc E'b&  8P!ZA_iA_ lcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hcU E'b&  8P!UZA_iA_ lcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc E'b&  8P!ZA_wA_\0 cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc3$ E'b&  8P!3$ZA_wA_\0 cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & 4.h**hc@ E'b&  8P!@ZA_iA_TcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ferh**hcKO E'b&  8P!KOZA_iA_TcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &trih**xc4 E'b&  8P!!j4ZA_A_TcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational  @ Severity = Warning Host Name = ConsoleHost Host Version = 4.0 Host ID = 9062463b-e670-4623-8779-ac4b003a2183 Host Application = powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -Command $ErrorActionPreference = 'Stop' $mac = $null try { if (Get-Command Get-NetRoute -ErrorAction SilentlyContinue) { $routes = Get-NetRoute -DestinationPrefix '0.0.0.0/0' | Sort-Object RouteMetric,InterfaceMetric if ($routes -and (Get-Command Get-NetAdapter -ErrorAction SilentlyContinue)) { foreach ($route in $routes) { try { $adapter = Get-NetAdapter -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue | Select-Object -First 1 if ($adapter -and $adapter.MacAddress -and $adapter.MacAddress -ne '00-00-00-00-00-00') { $mac = $adapter.MacAddress break } } catch { # skip this route and try next } } } } } catch { # ignore and fall back } if (-not $mac) { try { if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) { $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } else { $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -and $_.DefaultIPGateway -and $_.MACAddress } | Select-Object -First 1 } if ($cfg) { $mac = $cfg.MACAddress } } catch { # ignore } } if ($mac) { $mac } Engine Version = 4.0 Runspace ID = e984d8b7-4060-41a1-92be-902e24fcf2a5 Pipeline ID = 1 Command Name = Command Type = Script Name = Command Path = Sequence Number = 15 User = WORKGROUP\SYSTEM Shell ID = Microsoft.PowerShell Error Message = System error. x**hcT E'b&  8P!TZA_jA_h< cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc E'b&  8P!ZA_jA_h< cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hcAm? E'b&  8P!Am?ZA_A_l cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hc&YK E'b&  8P!&YKZA_A_l cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & 4.h**hc18 E'b&  8P!18ZA_kA_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ferh**hc$ E'b&  8P!$ZA_kA_cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &trih**hc E'b&  8P!ZA_A_4 lcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etAh**hc E'b&  8P!ZA_A_4 lcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &'00h**hcK E'b&  8P!KZA_A_l  cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & cah**hc7 E'b&  8P!7ZA_A_l  cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &worh**hc% E'b&  8P!%ZA_A_@ hcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &etwh**hcj E'b&  8P!jZA_A_@ hcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &atch**hc E'b&  8P!ZA_kA_\cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ameh**hc! E'b&  8P!!ZA_kA_\cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &helh**hc[2 E'b&  8P![2ZA_A_@ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hcG> E'b&  8P!G>ZA_A_@ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hc3M E'b&  8P!3MZA_kA_ < cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hclX E'b&  8P!lXZA_kA_ < cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hc1)i E'b&  8P!1)iZA_A_hcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hct E'b&  8P!tZA_A_hcMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hc1 E'b&  8P!1ZA_lA_, cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &t-Wh**hcy E'b&  8P!yZA_lA_, cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &84ch**hc E'b&  8P!ZA_ lA_ 0cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hc E'b&  8P!ZA_ lA_ 0cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &nd h**hc E'b&  8P!ZA_A_T cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &orAh**hcp! E'b&  8P!p!ZA_A_T cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &acAh**hc! E'b&  8P!!ZA_lA_, cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &{ h**hc E'b&  8P!ZA_lA_, cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ed h**hc6 E'b&  8P!6ZA_lA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &bleh**hc E'b&  8P!ZA_lA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hc  E'b&  8P! ZA_lA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & = h**hcx E'b&  8P!xZA_lA_ cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &|!h**hc% E'b&  8P!%ZA_A_X< cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &ʨ!h**hc1 E'b&  8P!1ZA_A_X< cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &y!h**hc*A E'b&  8P!*AZA_lA_`( cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &:!h**hcyO E'b&  8P!yOZA_lA_`( cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Q1"h**hc'^ E'b&  8P!'^ZA_A_<  cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Seh**hci E'b&  8P!iZA_A_<  cMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &-Noh**hdy E'b&  8P!yZA_A_LdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & $rh**hd¨ E'b&  8P!¨ZA_A_LdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hd? E'b&  8P!?ZA_A_xdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & h**hd=¢ E'b&  8P!=¢ZA_A_xdMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &tchh**hda E'b&  8P!aZA_,lA_  dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &Acth**hdqM E'b&  8P!qMZA_,lA_  dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &eleh**hd3  E'b&  8P!3 ZA_A_H dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational & Seh**hd E'b&  8P!ZA_A_H dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &f2ah**hdP E'b&  8P!PZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &r =h**h d E'b&  8P!ZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h d E'b&  8P!ZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h dx E'b&  8P!xZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h dX E'b&  8P!XZA_A_t  dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**h dD* E'b&  8P!D*ZA_A_t  dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd; E'b&  8P!;ZA_A_dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdF E'b&  8P!FZA_A_dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd4V E'b&  8P!4VZA_>lA_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdx` E'b&  8P!x`ZA_>lA_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdpq E'b&  8P!pqZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdq{ E'b&  8P!q{ZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hdq E'b&  8P!qZA_IlA_l< dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd] E'b&  8P!]ZA_IlA_l< dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &h**hd2 E'b&  8P!2ZA_A_ dMicrosoft-Windows-PowerShell;@\Kf<ŏZMicrosoft-Windows-PowerShell/Operational &hb&  8Prational &